Hacking your smart stick & TV for money

You notice glitches in your favorite show.

And you’re feeling some heat. 

It could be a sign of many things, but add this one to the list — cyber crooks hacking your smart TV or smart stick to mine for crypto cash.

Watch here:

 

 

Secrets on your stick

You might say things are “heating up” on TV tonight.

While you’re kicking back watching wrestling, your TV may be hard at work — secretly mining digital gold for crooks, right before your eyes.

It can be pretty easy for the bad guys to get their stealth cryptominers on your machine, said Martin Hron, researcher with security company Avast.

“It’s a bad thing because they are using your electricity and your power of device, the computation power of the device, and the device itself heats up really badly,” Hron told Archer News. “It basically can damage the device by heat.”

 

Security researcher Martin Hron found attackers could mine for cryptocurrency on Amazon Fire Sticks. Image credit: Archer News

 

Fire TV Stick

Hron did research on the Amazon Fire TV Stick, a stick that can turn your dumb TV into a smart TV.

You can use it to run popular TV apps like Netflix and Hulu, as well as accessing Amazon shows and content.

But he said attackers can convince people to load trick apps on their stick or TV — apps that look and act legit, but let the bad guys in.

The attackers can also get in through vulnerabilities in your home router, for example.

Once inside, they can mine for cryptocurrency on your device.

Too hot to handle?

Hron pointed an infrared camera at a smart stick for a demonstration at the RSA cybersecurity conference in San Francisco this week. He gave Archer News a demo, too.

 

An infrared camera shows heat coming from a smart stick. Image credit: Avast

 

Normal temperature for the device is about 80 degrees, he said.

But with the miners digging away on your device?

The camera shows the stick at 130 degrees.

“It heats up,” Hron said. “Now it’s mining cryptocurrency for someone else.”

That kind of heat can hurt your devices, he explained.

“Like, melting the plastics, for example,” Hron said. “For these devices like Fire TV Stick or IoT device, it can shorten basically the lifespan very drastically of the device.”

Glitches and lag

You might be okay with melting plastic or buying a new smart stick or TV sooner than you thought.

The question is — what about your wrestling show?

The crypto mining activity could make your picture less clear, or could make it lag or stop and start, according to Hron.

Making money on your dime

A tally in the corner of the researcher’s demo screen shows that this experiment is actually earning Hron and friends some digital cash.

“Yeah, we made like one dollar, I think,” he laughed. “A huge amount of money, right?”

 

The smart stick crypto mining experiment racks up 96 cents in the cryptocurrency Monero. Online crooks make much more because they attack many devices at once. Image credit: Avast

 

But cyber crooks do it on a massive scale, a takedown not just of your home network, but other people’s devices, too, with the money going to online thugs.

They can make much more money with this illegal activity, he said.

Should people care that this is happening?

Yes, Hron said.

Smart device makers should do a better job on security.

Security companies should make solutions for people at home.

And people at home should change the passwords that come on their devices, instead of leaving them at things like this, which will not keep attackers out:

 

Change the default usernames and passwords —like “admin” — that come on your smart devices. Image credit: Archer News

 

What can you do?

Archer News contacted Amazon about the Fire TV Stick research and asked what people should do about security.

Amazon did not respond.

We turned to Hron for advice, in addition to changing the default passwords on all of your smart devices.

What should you do if you feel your device heating up significantly?

It may not be cryptomining, he said. It could simply be broken or have other problems.

“To be sure, like, the best thing probably would be to go to a factory reset on the device,” he said.

Avast CEO Vince Steckler also provided ideas on smart TV security in an interview with Archer News last year.

A few years ago, some people swore they would never buy a smart TV because of security issues.

Now, that could be a hard to do.

“You can’t buy a dumb TV anymore,” Hron said.

 

Main image: Amazon Fire Stick. Image credit: Archer News