Starbucks Wi-Fi Makes Computers Mine Cryptocurrency

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Rengar

Level 16
Jan 6, 2017
788
5,108
Operating System
Windows 8.1
Installed Antivirus
ESET
#1
A latte and some cryptocurrency to go, please!
Tech users have been warned for years about protecting themselves when connecting over public, unsecured Wi-Fi. Whether it’s in airports, hotels, or a local coffee shop, these connections encourage the public to utilize that business; airports and hotels often charge fees for Wi-Fi but will waive that fee to “gold” level travelers, while restaurants and other businesses use the availability of a connection to sway consumers’ choice in a market flooded with options.

Typically, the threat involved in these readily available connections comes from hackers who are also on the same connection, mining your information for identity theft and related crimes. But recently, one CEO traveling abroad found out the hard way that a Starbucks in South America was infecting customers’ browsers in order to hijack some processing speed and mine the cryptocurrency Monero.


Starbucks has acknowledged that visitors to one of its branches were unwittingly recruited into a crypto-currency mining operation.

Beware the Buenos Aires lag
According to an experience by Stensul CEO Noah Dinkin, a Starbucks in Buenos Aires “lagged” for about 10 seconds when he connected. He discovered the inserted code and reported the issue via tweet to corporate. Starbucks immediately investigated and found that not only do they believe that one store was affected, that the issue originated with the wifi provider for that store, not with some baristas looking to score some cryptocurrency by hijaking customers’ devices.

Abuse of trust
On the one hand, this behavior did not actually impact the customers other than to slow down their internet use and take advantage of their obliviousness to the mining going on. However, it’s also a completely unacceptable abuse of a trusted company’s brand. It hopefully speaks to the very clear truth that a corporate logo is not a beacon of trust when outsiders also have access to the process. Tech users will be wise to monitor their connections, deploy tools like VPNs, and remember that public Wi-Fi can pose a danger to individual consumers.