For a long time now, the darkweb has been utilizing cryptocurrencies for its transactions. Recently, malicious actors have been turning to the mining of these currencies using stolen compute power from organizations and individuals. Mobile devices, with their powerful CPUs and always-on nature, have become an attractive target for clandestine mining operations.
Why not Bitcoin?
The days of mining Bitcoin at any reasonable rate on a regular compute device are long behind us. Bitcoin uses a CPU-bound function which is easily computed by ASIC devices.
Bitcoin is also transparent. You can trace every Bitcoin back to its creation, and exactly how much is held in every Bitcoin wallet is a matter of public record.
Monero uses a memory-bound function that appears to be very difficult to distill down to an ASIC. Monero also uses ring signatures to hide the spending and receiving amounts from each wallet address – perfect for darkweb and anonymous transactions.
How much money could my phone generate?
Not very much at all. An iPhone 7 can at best compute 20 hashes/second (roughly $0.03 per day with 1 XMR : 88 USD). Only at large scale can someone hope to generate meaningful amounts. You can test your own device’s hash rate at http://cuddeford.com/mineme.html (and earn the author of this blog post lots of cryptocurrency in doing so). The electricity costs generally far outweigh any cryptocoin you will generate. The market is being fed by miners who are not paying for their own power.
More likely, you will be tricked into mining on your phone by websites like https://ios11battery.xyz
Why should I care?
Mostly because of your battery life. Energy is the most expensive constraint for a cryptocurrency miner, and your device’s battery is what they’re after most. Not only can mining drain your battery, it can also degrade the performance of other applications on your device.
What’s the likelihood of my device being affected?
Based on research by Wandera, in the month of October roughly 0.8% of mobile devices accessed resources from a sample cryptomining framework. Over the past 3 months, Wandera has seen an explosion in the usage of cryptomining from mobile devices. After an initial spike in illicit mining, the number of infected resources has tapered off but still appears to be growing slightly.
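The same kind of measurement (the share of devices that fetched resources from a mining framework) can be taken from your own web-proxy logs. This is an added example, not code from the original post or from Wandera. The log format, device IDs and sample lines are constructed, and treating coinhive.com as Coinhive's serving domain is an assumption; Coinhive and ios11battery.xyz are the names this post mentions.

```python
from urllib.parse import urlsplit

# Indicator domains. Assumption of this example: coinhive.com serves the
# Coinhive framework; ios11battery.xyz is the lure site named in the post.
MINING_HOSTS = {"coinhive.com", "ios11battery.xyz"}

# Constructed sample proxy log, one request per line: "<time> <device_id> <url>"
SAMPLE_LOG = """\
09:14:02 dev-001 https://news.example/article/42
09:14:03 dev-001 https://coinhive.com/lib/miner.js
09:20:41 dev-002 https://cdn.example/app.js
10:02:17 dev-003 https://ios11battery.xyz/
10:02:19 dev-003 wss://ws.coinhive.com/proxy
11:45:00 dev-004 https://notcoinhive.com.example/index.html
malformed line without fields
12:00:00 dev-005 https://coinhive.com.cdn.example/x.js
"""

def is_mining_host(host, indicators=MINING_HOSTS):
    """True if host is an indicator domain or a subdomain of one.
    Matching on a dot boundary avoids look-alikes such as
    'notcoinhive.com.example' or 'coinhive.com.cdn.example'."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in indicators)

def affected_devices(log_text):
    """Return (all device IDs seen, {device_id: set of mining hosts contacted})."""
    seen, hits = set(), {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip malformed records instead of crashing
            continue
        _, device, url = parts
        seen.add(device)
        host = urlsplit(url).hostname  # handles https:// and wss:// alike
        if is_mining_host(host):
            hits.setdefault(device, set()).add(host)
    return seen, hits

def affected_share(log_text):
    """Percentage of devices with at least one request to a mining host."""
    seen, hits = affected_devices(log_text)
    return 100.0 * len(hits) / len(seen) if seen else 0.0

if __name__ == "__main__":
    seen, hits = affected_devices(SAMPLE_LOG)
    for device in sorted(hits):
        print(device, sorted(hits[device]))
    print(f"{affected_share(SAMPLE_LOG):.1f}% of {len(seen)} devices")
```

Browser miners typically keep a WebSocket open to the pool, so the proxy or DNS source feeding this check needs to record wss:// connections as well as script downloads.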
Is there a legitimate use of mining on end-users’ devices?
Potentially yes. CAPTCHA systems are very close to being defeated by AI, and adding a proof-of-work system would negate any monetary benefit spammers could create. Coinhive has recently introduced an opt-in mining system for end-users that could serve as an alternative to embedded advertisements if used responsibly.
Does this only affect malicious apps?
What can developers do better?
Mining can be a good way to support your favorite app/site by using spare compute/battery on your device. Mining pools are moving towards a responsible opt-in model so you can decide if and when you’d like to donate some of your device’s power to such a cause.