Starbucks Wi-Fi Forces Users To Mine Cryptocurrency

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

Starbucks’ internet provider in Buenos Aires is the latest to hijack users’ processing power to carry out lucrative crypto-mining activities

hacking with a laptop in hotel roomWi-Fi users at a Starbucks in Buenos Aires found their computers’ processing power hijacked and used to mine cryptocurrency when they connected to the network, in the latest appearance of a nuisance that in the past has been associated mainly with malware.

The outlet’s free Wi-Fi, supplied by an external provider, imposed a 10-second delay after users connected, during which coin mining code written in JavaScript ran on users’ devices.

Users weren’t informed what was taking place, but Noah Dinkin, chief executive of enterprise email generation firm Stensul, discovered what was happening and notified Starbucks of it via Twitter, including a screenshot of the code in question.

“Feels a little off-brand,” Dinkin said in the post.

Mining code

The shop’s internet provider was apparently running a popular script made by CoinHive that mines a cryptocurrency called Monero.

The code is the same that torrent site The Pirate Bay slipped into its page code earlier this year as a revenue-generation method, until user outcry forced it to remove the code.

Dinkin said a friend had initially observed the mining activity and that it had taken place in a number of Starbucks outlets around Buenos Aires.

He said the mining activity wasn’t mentioned in the user terms and conditions for connecting to the Starbucks Wi-Fi.

“Based on the code of that interim page, I don’t believe this was a (man-in-the-middle) situation,” Dinkin wrote, referring to a type of attack that can insert malicious code into a user’s browser.

Starbucks last week confirmed its internet service provider had been running the mining code on users’ systems, and said the issue had been “resolved”.

“As soon as we were alerted of the situation in this specific store last week, we took swift action to ensure our internet provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely,” the company said in a statement on Twitter.

The company confirmed separately that the Wi-Fi in question is not run by Starbucks.

“It’s not something we own or control,” the company stated.

Invasive scripts

Cryptocurrencies such as Monero and Bitcoin are generated by a processor-intensive “mining” process typically carried out in large data centres.

But it can also be farmed out to numerous lower-powered devices, as is the case with the CoinHive script, which was originally intended as a way of helping website owners generate revenues without resorting to advertising.

The fact that such code imposes a processing strain on users’ systems makes it controversial, however, and CoinHive emphases it should only be deployed with users’ consent.

Security researchers reported in October that attackers had made around $63,000 (£47,000) in Monero over a period of five months by installing unauthorised mining code on vulnerable servers.

In an advisory, security firm Sophos said users can be alerted to invasive scripts when they cause a laptop’s fan to switch on or display high levels of activity in a system’s task manager.

Sophos said users can install browser plug-ins that block unwanted scripts and can disable them in some antivirus software.

The company also advised firms to promptly apply patches to their web servers to prevent attackers from installing coin-mining scripts that run on the systems of visitors to a site.

“Crooks who can break into your servers could add cryptomining code to leech ‘free money’ from all your website visitors, leaving you to bear the brunt of any complaints,” Sophos wrote.

Do you know all about security in 2017? Try our quiz!