These days, many home appliances and electronics don’t work the way they used to. With the invention of self-monitoring, analysis, and reporting technology (SMART), a lot of the devices around the house won’t shut off completely unless they are completely disconnected from their source of electricity. We saw this trend about 12 years ago with PS3 and Xbox 360 video game consoles that from seventh generation onward can download and install software patches while the devices appear to be in sleep mode.
Even if you don’t like console gaming, the same applies to all kinds of TVs manufactured in the past ten years or so, whether or not they’re “smart.” They are never completely off unless they’re disconnected from power. “Dumb” TVs can download and install firmware updates while sleeping. Smart TVs, a common type of IoT (internet of things) device, can do that plus download and install updates to their operating systems and applications, all while not consuming anywhere near as much electricity as when they’re properly “on” and projecting a bright image onto their screen.
But you know what could make your TVs and other living room entertainment devices consume a lot more electricity while sleeping than they usually would? Cryptomining malware. Cryptomining malware on home entertainment devices is an emerging and worrisome threat.
A wide variety of home entertainment devices, from manufacturers as diverse as Sony, RCA, Sharp, and ASUS, run Android TV. A proprietary fork of Android, Fire OS, is used on a diverse range of Amazon home entertainment devices. Android IoT device exploits have the ability to do harm in many, many people’s living rooms around the world. One of the earliest forms of cryptomining malware that specifically targets Android IoT is ADB.miner, which was discovered last February. New forms of ADB.miner emerged throughout the spring.
As explained in PC Mag, “Users in an Android developers’ forum began posting about the problems in April and realized the app was actually ADB.miner. However, it doesn’t appear that all Fire TV Sticks are vulnerable. The problem occurs when sideloading sketchy apps, which can activate the Android Debug Bridge feature. According to UK-based security researcher Kevin Beaumont, Amazon TV devices that’ve been modified to ship with Kodi, an open source media player, are among those affected. Making matters worse is that products that have been infected will also attempt to spread the malicious code to other devices. ADB.miner isn’t specifically targeting Fire TV Sticks, but any Android device with the debug feature enabled.”
General cryptomining malware has exploded in 2018, to an utterly jaw-dropping extent. According to a report from the Cyber Threat Alliance, members observed anywhere from a few hundred to a couple of thousand cryptocurrency malware detections per month through 2017. But by 2018, that number of new detections when from about 25,000 per month to over 150,000 new detections per month! Wow. Overall, cryptomining cyberattacks have increased to a whopping 459% between 2017 and September 2018. The spread to TVs and things to plug into TVs was inevitable. ADB.miner just started a trend.
According to the CTA report, “As a part of this continued expansion, malicious actors are increasingly targeting IoT devices, in addition to standard personal computers. Fortinet notes that media devices, such as smart TVs, cable boxes, and DVRs, are an increasing target of illicit mining power. Symantec has analyzed a recent case of MikroTik routers in Brazil, and eventually worldwide, being exploited for illicit mining. Rapid7 has also noted an increase in illicit miners affecting Android devices, such as internet set-top boxes, starting in February 2018.”
The report goes on to say, “CTA members have observed existing criminal actor groups shifting well-known botnet infrastructure away from ransomware and distributed denial of service (DDoS) attacks to engage in illicit cryptocurrency mining. Researchers noted in February 2018 that the BlackRuby Ransomware family began ‘double dipping’ by adding the open-source XMRig software to their tools to mine Monero. The VenusLocker Ransomware family completely shifted gears, dropping ransomware for Monero mining. The Mirai botnet, notable for its 2016 DDoS attack that used IoT devices to impact substantial portions of U.S. internet services, has since been repurposed into an IoT-mining botnet.”
When your TV is mining Monero or Bitcoin for cybercriminals while you sleep and while your TV “sleeps,” that isn’t a harmless crime at all. Mining cryptocurrency, which involves solving complex mathematical problems on a constant basis, is hard on your TV and your entertainment center CPUs and RAM. The cumulative wear and tear could mean your devices will stop working much sooner than if they were used in a typical way. Not to mention, all of that extra computing done while you sleep consumes extra electricity that you will surely see on your next electricity bill.
Replacing devices sooner adds more garbage to landfills, which is bad for the environment. Extra electricity consumption for no good reason makes power plants work harder and generates more pollution—which of course, is also bad for the environment. These activities contribute to climate change, which is responsible for the severe weather events we have seen recently around the world. Cybercriminals make lots of money with all of this illicit mining, which encourages them to do more. So, the link between illicit cryptomining and worsened hurricanes isn’t as dubious as one might think.