2018 March | AIVAnet

10

Mar

Cryptojacking turns your PC into a Bitcoin mine, but you won’t see a cent

(in)Secure is a weekly column that dives into the rapidly escalating topic of cyber security.

Cryptocurrency has fought for its reputation ever since its creation. Bitcoin fans have always had to defend against accusations that it’s only purpose is for illicit activities — that it’s a currency for criminals. Bill Gates even argued it has caused death in his recent Reddit AMA.

Now, cryptocurrency has yet another problem to deal with: cryptojacking. It’s the act of hacking a computer for use in cryptocurrency mining, usually without the owner knowing about it. It’s the newest evolution of malware — and it looks set to spread like wildfire.

A brave, new world

In February, Salon announced a new crowdfunding campaign that caught headlines across the internet. You can donate your computing power through cloud mining to help support the publication. It doesn’t require the installation of software, or even setting up an account.

Thousands of legitimate websites, even some government institutions, have been cryptojacked.

Just like that, an alternative to paid subscriptions and ad-based revenue has appeared. Cloud mining was already catching on, and now it’s finding new, interesting use cases.

Also in February, security researcher Scott Helme published his findings on the dark side of the technology. Without getting consent from either the owner of the website or visitors, cryptocurrency scripts can be hacked into websites, which then hack visitor’s CPU power. That’s cryptojacking.

The past year has witnessed several large-scale attacks on websites like the LA Times, Tesla, and Politifact, but recently the trend has escalated in an even more startling way. Research shows that thousands of legitimate websites, including some that belong to government institutions, have been cryptojacked.

How? Helme puts it this way: “If you want to load a cryptominer on 1,000+ websites, you don’t attack 1,000+ websites, you attack the one website that they all load content from.” In one case, an assistive technology called Text Help was compromised. Any website that used it then cryptojacked visitors, without either the website owners or visitors having a clue.

Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… ???? pic.twitter.com/xQhspR7A2f

— Scott Helme (@Scott_Helme) February 11, 2018

Another recent report claims 50,000 websites already have crypto-mining malware ready to steal your computer’s power without your knowledge. Seven thousand websites have been discovered to contain this strain of cryptojacking on the WordPress platform alone.

Both Salon and the hackers behind recent attacks use the same tool — a JavaScript miner called CoinHive. It can be embedded on a webpage and functions in the visitor’s browser window. Hackers have taken the script and implemented it to immediately force visitors to donate their CPU power toward mining Monero coins, or XMR. (What’s that, you ask? Read our guide to the best Bitcoin alternatives).

The internet could become one big, illicit crypto-mining operation.

That wasn’t CoinHive’s intent. Instead, its developers “dream about it as an alternative to micro payments, artificial wait time in online games, intrusive ads, and dubious marketing tactics.” It’s a rather clever idea, really. The average PC is much more powerful than needed to browse the web, so why not use a bit of that performance to pay for content? The creators of CoinHive told Motherboard recently that “their reputation couldn’t be worse,” lamenting that they didn’t see the potential of cryptojacking at the time.

To be clear, cryptojacking isn’t an easy way for hackers to get rich. If a site has 10–20 active miners all day, CoinHive claims “you can expect a monthly revenue of about 0.3 XMR (~$86).” It’s relatively easy for hackers to implement, however, and the anonymous nature of cryptocurrency makes the payoff hard to trace. Consider it low reward, but very low risk. So long as cryptocurrencies keep rising in value, cryptomining — and its dark side, cryptojacking — will continue to spread.

This is only the beginning

It’s not hard to imagine cryptojacking’s future. Today, ads are everywhere you look on the internet, and off. Ads appear everywhere from YouTube to free software. Cloud cryptomining could provide an alternative, letting you “donate” some processor power for free web content or software.

We could also see a future where cryptojacking is constantly in the news — and in much greater potency. The internet could become one big illicit crypto-mining operation, and the fight against that won’t be easy. Hackers will find efficient and more subtle ways of secretly contorting innocent CPUs to make a quick buck. Right now, it’s not yet possible to mine cryptocurrency in-browser using a visitor’s GPU, which would provide much more substantial hashing power. Such a thing can’t be too far away.

And it doesn’t stop with in-browser mining.

Imagine the way adware works today. You’re installing a piece of software, and you quickly click through a few checkboxes to complete the installation. Without being fully aware of it, you’ve installed a piece of software that generates revenue for a company by inserting ads into your browser. Because it’s invisible, cryptojacking malware tougher to deal with. You might not even notice it quietly humming along in the background as it slows your computer and fills someone’s crypto-wallet.

This is certain to happen in a future where cryptocurrency cements its position as an online currency. It’ll give developers and website owners a new way to make legitimate cash from their work — and profit-driven hackers another potent tool in their toolbox.

Editors’ Recommendations

Is your browser mining bitcoin? ‘Malvertisements’ are hijacking Google Ads
Salon will mine digital currency on your PC if you opt to disable ads
Crypto-mining malware nets hacker group $3.4 million worth of Monero coins
What is Litecoin? Here’s everything you need to know
Government websites fall prey to a plugin injected with a digital coin miner

10

Mar

Never get lost again with the best navigation apps for iOS and Android

Getting around can sometimes be a real pain in the rear. Unexpected delays, traffic, and road closures are a daily hassle, and if you’re going out into the world unprepared then you’re inviting frustration into your life.

Thankfully, it doesn’t have to be that way. There are apps that will do the hard work for you, whether that’s scanning the road ahead and informing you of road changes, or letting you know ahead of time that there’s heavy traffic and you should leave early. We’ve brought together some of the best navigation apps for both Android and iOS, so while you’re keeping an eye on the road, your phone can be handling everything else. While you’re at it, check out our list of great phone car mounts too!

Google Maps (free)

This couldn’t be a list of the top navigation apps if we didn’t include Google Maps. Google has photographed and mapped most of the globe, and is constantly updating its databases to add new roads, bypasses, and even update the images on Google Street View. It includes a navigation mode that’s simple to set up and allows for multiple stops and pit stops along the way, it shows live traffic as you travel and helps you to avoid those troublesome hot spots, and it even has an offline mode so you can save the maps you need for later, without using your precious data. It’s not just about navigation either — once you reach your location it can also recommend places to eat, drink, or stay, based on your needs. Available on iOS and included by default on most Android phones, it’s hard to beat Google Maps. As you’d expect, it also works with Android Auto.

Download now from:

Android iOS

Apple Maps (free)

Apple Maps is your default option when you use an iOS device, but like Google Maps, that doesn’t mean it’s a subpar experience. Apple Maps offers all the basic navigation features you’d expect, but expands its remit by offering travel suggestions based on your previous activity or based on events in your calendar. It displays all the nearest bars or restaurants, based on your searches or the simple “nearby” command. When you’re actually on-the-move, it makes sure you know which lane you’re supposed to be in, and it suggests your stop if you’re on public transport. You can even book appointments from the app on services like OpenTable, Lyft, or Uber. Apple Maps is another great all-in-one choice, but it’s only on iOS.

Find out more for:

iOS

Citymapper (free)

It’s not really a full-fledged navigation app, but if you’re looking to travel around a city, then there’s no better option than Citymapper. Available in a fair selection of cities around the world, Citymapper gives you in-depth information on getting around, including bus and train timetables, walking directions, and real-time data to make sure that you’re always aware of disruptions or traffic that could delay you. If you’re a regular commuter, alongside the up-to-date travel info, you also get updates on projected traffic during your usual commute times, as well as any alternative routes that might get you there quicker. It’s not much good when you’re out in the sticks, but there’s no better app for both the city-slicker and city-visitor.

Download now from:

Android iOS

Waze (free)

Waze isn’t just a navigation app — it’s a collection of drivers working together to ensure that as few people as possible get caught out by traffic and incorrect map data. Waze is constantly updated by the millions and millions of users using it to get from one place to another, funneling data about travel times, traffic, and even fuel prices back to Waze, to help other users. You can add friends to your app and see them on your map, so you know exactly when they’re going to reach you, and the community is constantly making sure that the maps used for navigation are up-to-date. It also works with Android Auto in your car, and is definitely worth a try if you commute every day. Even though both are owned by Google, it can be tricky to choose between Waze and Google Maps, so we recommend trying out both to find the right one for you.

Download now from:

Android iOS

DriveMode (free)

Now here’s a true all-in-one option. DriveMode isn’t really a navigation app, it’s more a handy interface laid over the top of your phone while you’re driving. But what an interface! DriveMode thinks of itself as a safety app, and uses large screen buttons and voice commands to ensure that you’re able to access the information you need, when you need it. You can reply to text messages with your voice, as well as skip songs on your music player, or quickly find new directions. It’s compatible with a lot of the best music and maps apps around, including Spotify, Google Maps, and more — and it even syncs up with Google Assistant. If your car isn’t smart, then DriveMode can make it seem like it is. Unfortunately for iPhone users, it’s Android-only for now.

Download now from:

Android

Editors’ Recommendations

These 100 best iPhone apps will turn your phone into a jack-of-all-trades
100 awesome Android apps that will transform your tired tablet
For deals or just the latest designs, these are the best shopping apps out there
Looking for a house? The best real estate apps will make it easier
The best running apps for iOS and Android

10

Mar

California to introduce ‘Right to Repair’ bill for electronic devices

California will soon become the 18th state to introduce a “Right to Repair” bill that would give Californians more options in repairing or replacing electronic items.

Introduced by Democratic Assemblymember Susan Talamantes Eggman of Stockton, the bill would make diagnostics, replacement parts, and repair instruction available to both consumers and independent shops, so owners of electronic devices are not forced to submit to sometimes costly manufacturer repairs.

The bill focuses heavily on the impact that right to repair would have, not only on California’s own employment, but on general sustainability as well. “People who can’t afford the high price of manufacturer-based repair services are increasingly forced to prematurely replace durable goods, such as phones, TVs, and appliances,” says the statement on Eggman’s website. “Repairing and reusing electronics is not only a more efficient use of the scarce materials that go into manufacturing the products, but it can also stimulate local economies instead of unsustainable overseas factories.”

The bill has been welcomed by consumer advocacy group Consumers Union and the Electronic Frontier Foundation, but it’s likely that the bill will face significant opposition from tech giants that have previously fought against similar laws on the grounds of user safety and protecting intellectual property. Similar bills have previously been heavily stalled by such efforts, so it’s unlikely that we’ll be seeing this bill passed quickly.

The wider issue of planned obsolescence in mobile technology was recently pushed to fore after it emerged that Apple was purposefully slowing down older devices. After a large pushback from Apple users and lawmakers alike, Apple introduced options that allowed users to turn the option off, and offered free battery replacements to affected models.

While the spectre of “planned obsolescence” still hangs over the tech industry like a sickly miasma, a move towards “Right to Repair” across the U.S. would allow for third-party repair shops to perform repairs that could extend device lifespans, cutting down on the need to upgrade early and saving the precious elements inside such devices from waste.

If you’re looking for tips on how to put your older devices to good use, we have a guide of some of the best ways you can reuse smartphones and tablets, and how to recycle old computer parts.

Editors’ Recommendations

Two countries are now investigating Apple over iPhone planned obsolescence
Everything you need to know about the performance dip on your iPhone
Apple will keep repairing your vintage iMacs in a new pilot program
Swiss Apple Store evacuated after an iPhone battery begins emitting smoke
How to replace your iPhone’s battery

10

Mar

California to introduce ‘Right to Repair’ bill for electronic devices

California will soon become the 18th state to introduce a “Right to Repair” bill that would give Californians more options in repairing or replacing electronic items.

Introduced by Democratic Assemblymember Susan Talamantes Eggman of Stockton, the bill would make diagnostics, replacement parts, and repair instruction available to both consumers and independent shops, so owners of electronic devices are not forced to submit to sometimes costly manufacturer repairs.

The bill focuses heavily on the impact that right to repair would have, not only on California’s own employment, but on general sustainability as well. “People who can’t afford the high price of manufacturer-based repair services are increasingly forced to prematurely replace durable goods, such as phones, TVs, and appliances,” says the statement on Eggman’s website. “Repairing and reusing electronics is not only a more efficient use of the scarce materials that go into manufacturing the products, but it can also stimulate local economies instead of unsustainable overseas factories.”

The bill has been welcomed by consumer advocacy group Consumers Union and the Electronic Frontier Foundation, but it’s likely that the bill will face significant opposition from tech giants that have previously fought against similar laws on the grounds of user safety and protecting intellectual property. Similar bills have previously been heavily stalled by such efforts, so it’s unlikely that we’ll be seeing this bill passed quickly.

The wider issue of planned obsolescence in mobile technology was recently pushed to fore after it emerged that Apple was purposefully slowing down older devices. After a large pushback from Apple users and lawmakers alike, Apple introduced options that allowed users to turn the option off, and offered free battery replacements to affected models.

While the spectre of “planned obsolescence” still hangs over the tech industry like a sickly miasma, a move towards “Right to Repair” across the U.S. would allow for third-party repair shops to perform repairs that could extend device lifespans, cutting down on the need to upgrade early and saving the precious elements inside such devices from waste.

If you’re looking for tips on how to put your older devices to good use, we have a guide of some of the best ways you can reuse smartphones and tablets, and how to recycle old computer parts.

Editors’ Recommendations

Two countries are now investigating Apple over iPhone planned obsolescence
Everything you need to know about the performance dip on your iPhone
Apple will keep repairing your vintage iMacs in a new pilot program
Swiss Apple Store evacuated after an iPhone battery begins emitting smoke
How to replace your iPhone’s battery

10

Mar

‘Fortnite: Battle Royale’ is coming to mobile with crossplay support

cross

You already spend every waking second of your time playing Epic Games’ Fortnite: Battle Royale on your consoles and PC, but when you leave the house, you’re forced to leave the multiplayer shooter behind. That will no longer be the case, however, as Fortnite: Battle Royale is coming to mobile devices with cross-platform play.

Epic Games announced the port of Fortnite — which we shall call “Portnite” — on its website late Thursday, March 8. Initially available on iOS, the game will eventually come to Android platforms as well. A special “invite event” for iOS users will begin shortly, and interested players can sign up beginning on March 12.

To play Fortnite: Battle Royale on iOS, you’ll need an iPhone 6S/SE or newer, or a newer iPad, such as the Mini 4, Pro, or Air 2. You’ll also need iOS 11 installed, which might be an issue if you’re using a slightly older model due to the effect it can have on your battery life.

Mobile players won’t just be playing with each other, either. The game will support crossplay and cross-save with PlayStation 4, PC, Mac, and Android.

The Xbox One is being left out of the fun, but this isn’t due to a technical restriction. Back in September, Epic Games accidentally enabled crossplay between the Xbox One and PlayStation 4 versions of the game. Currently, the two platforms cannot play with each other, and Epic turned the “feature” off a short time later, calling it a “configuration issue.”

Microsoft is open to having crossplay between the two platforms, and has even enabled Xbox users and Switch users to play together in Minecraft, but thus far Sony has not budged.

Fortnite: Battle Royale has exploded in popularity recently, becoming the most-watched game on streaming service Twitch and putting its inspiration, PlayerUnknown’s Battlegrounds, to shame. In February, the game even managed to have 3.4 million simultaneous players. Battlegrounds recently launched its own mobile adaptations as well, though these are currently not available in North America and are not direct ports of the PC and Xbox One games.

Fortnite: Battle Royale is now available for free on PlayStation 4, Xbox One, PC, and Mac. A 100-player, five-team mode is available now as well.

The “standard” version of Fortnite, which focuses on player-versus-environment content, can be purchased in several different editions which range in price from $40 to $150.

Editors’ Recommendations

‘PlayerUnknown’s Battlegrounds’ has sold 30M copies, but fewer people are playing
Epic Games is pulling the plug on ‘Paragon’ after the success of ‘Fortnite’
‘PlayerUnknown’s Battlegrounds’ creator has some thoughts on copycat games
‘Fortnite’ overtakes ‘PUBG’ record with 3.4 million players at one time
12 great old games coming to the Nintendo Switch in 2018

10

Mar

Twitter CEO aims to overhaul verification as digital coin scams grow

Twitter CEO Jack Dorsey and product director David Gasca indicated during a Periscope live-stream on Thursday, March 8, that the company wants all users to sport a verification badge. Their intent arrives as scammers take to the social platform to steal money from unsuspecting victims through accounts created using a flaw in the verification system. Twitter users believe these accounts are “official” and backed by Twitter, handing over small amounts of digital currency to scammers for a promise of a big return, but remain empty-handed.

“The main problem is we use it to mean identity, but because of the way it was originally started, where it was only given to certain very large public figures, celebrities, etcetera, it came to have a lot of status associated with it, as well,” Gasca said. “They think of it as credibility. Twitter stands behind this person, Twitter believes that this person is someone that — what they’re saying is great and authentic, which is not at all what we mean by the checkmark.”

That is why victims fall prey to the cryptocurrency scams proliferating across Twitter: Many accounts appear to be verified and backed by Twitter, which they are not. The problem is getting out of hand, pushing legitimate Twitter accounts to continuously warn followers about the scams. In return, these accounts inadvertently violate Twitter’s policies and face a permanent ban.

A prime example is the Kraken Exchange cryptocurrency trading platform, whose support-related Twitter account temporarily went offline due to repeated warnings to followers. Twitter eventually lifted the ban.

“Safety tip: Beware of twitter handles that are similar to ours that promise coin giveaways, if you send them a deposit first. We are not doing a giveaway at this time,” Kraken’s support team warns.

One such scam uses the Kraken logo as bait. Victims are suggested to send up to five Ethereum coins (Ether) to a specific address for up to 50 Ethereum coins in return in a big 2,000-coin “giveaway.” But victims never see the big return, nor do they get their virtual coins back. It’s a growing problem related to the verification system that Twitter is now addressing.

“The intention is to open verification to everyone,” Dorsey said on Thursday. “And to do it in a way that is scalable [so] we’re not in the way and people can verify more facts about themselves and we don’t have to be the judge and imply any bias on our part.”

Twitter previously tried to overhaul the verification system in 2016 by accepting applications from users who want a verified account. Twitter performed the verification in-house, assigning the coveted checkmark to actors, musicians, and so on. But Twitter halted the application process in November after a backlash over the verification of Jason Kessler, the main organizer of the white nationalist Unite the Right rally in Charlottesville, Virginia.

“Our agents have been following our verification policy correctly, but we realized some time ago the system is broken and needs to be reconsidered,” Dorsey said at the time.

Editors’ Recommendations

Cryptocurrency not an ideal long-term investment, warns Ethereum co-founder
Facebook bans advertisements for cryptocurrency exchanges
The old “Nigerian prince” scam is back on Twitter — with a Bitcoin twist
Social Feed: Snapchat tests tags, bots want your data, Facebook patents a robot
How to buy Ethereum