Why is my cheapo Android red hot and switching off Wi-Fi?

It's no (crypto)miner offence

shutterstock_197065211

Cheap Android smartphones aren’t just bad for the environment because they’re destined for landfill - they might also cause problems because they come laced with ineffective but battery-life destroying crypto-mining crud.

Reg reader Andy Brown was initially pleased with the inexpensive Xgody smartphone he bought as new from eBay for less than £100. Consternation set in around two weeks into buying the tech when the device grew hot in his pocket, the battery life rapidly dwindled and (worst) the gizmo kept switching off Wi-Fi and moving onto a 4G connection.

After doing some digging, Brown realised that his Xgody smartphone had hidden crypto-mining apps loaded into the memory (ROM) of the smartphone.

The smartphone was trying to run crypto mining using CoinHive via a background process. This process required internet access and was blocked using Brown’s restrictive DNS setting on his home network that automatically blocked access to undesirable domains, hence the gizmo’s attempted switch from Wi-Fi to 4G.

Even a factory reset didn’t initially remove the offending background process, which ran particularly hard when Brown’s smartphone was idle and not in use. The process was throttled back when he used the device. Brown eventually killed the crypto miner without having to root his device. Less technically knowledgable users may well have been flummoxed by the whole process.

Brown's tangles with the crypto-mining app have caused him to ponder on the economics of cheap Chinese smartphones.

"Cheap phone ... how do you subsidise the cost? Get it to click on banner ads, and mine cryptocurrencies when the user isn't using it," he speculated.

Troy Mursch, a security researcher who has done a great deal to expose cryptojacking and other network abuse scams, told El Reg that the approach of using a smartphone for crypto-mining was hopelessly inefficient and unlikely to pull in anything beyond a token return.

“Yet another use case involving Coinhive," Mursch said in a Twitter update. "Cryptojacking on mobile devices is dangerous and terribly inefficient."

Brown told El Reg that he wasn’t absolutely sure who was to blame for the presence of crypto mining code on his smartphone. It could be either the seller on eBay or any player involved in the manufacture of the device. "It's difficult to tell who/where the malicious code came from".

"I agree that they'll make so little on crypto-mining, so perhaps it's volume?" Brown suggested to El Reg. "I suspect the software can do more though, like banner ad clicking."

El Reg asked Xgody whether it was able to provide any reassurance to other potential purchasers of its tech that might be concerned about Brown's experience. We'll update this story as and when we learn more. ®




Biting the hand that feeds IT © 1998–2018