Friday, November 22

Starbucks’ WiFi Was Hijacking Customer’s Laptop To Mine Cryptocurrency

A user, named Noah Dinkin recently revealed in a Twitter post that Starbucks’ free in-store WiFi in Buenos Aires was secretly hijacking customers’ laptops to mine cryptocurrency. The hijack was revealed on Dec. 2 when Stensul CEO Noah Dinkin noticed a 10 second delay while connecting to the public WiFi at a Starbucks cafeteria in Buenos Aires, Argentina.

After a little research, he found out that customers who were trying to access the free WiFi were having their electronic devices infected with a malicious code which was mining cryptocurrencies. After the post went viral, Starbucks did apologize for the mishap, but after several customers exposed to the hijack.

How did they do it?

Dinkin revealed that he uncovered a suspicious code embedded in Starbucks’ reward-site for Argentina that happened to be Coinhive’s code used to generate Monero coins using the CPU processing power of the site’s visitors.

Covert cryptocurrency mining has been this year’s hot topic. Websites which surreptitiously use visitors’ CPUs to mine cryptocurrency are extremely controversial. The code has the ability to hide as pop-under windows and remain open indefinitely. Further processing and slowing laptops and other devices. Such behavior might be expected of anarchist webmasters, but it’s hard to imagine global corporations stooping so low.

 

Here’s what Starbucks replied:

 

The company has also confirmed to Motherboard that this issue was confined to the Beunos Aires location, and that the issue was with the service provider and not Starbucks itself.