This Selfie Does Not Exist - On the Security of Electroneum Cloud Mining

Alexander Marsalek; Edona Fasllija; Dominik Ziegler

doi:10.5220/0009829303880396

This Selfie Does Not Exist - On the Security of Electroneum Cloud Mining

Alexander Marsalek, Edona Fasllija, Dominik Ziegler

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

The Electroneum cryptocurrency provides a novel mining experience called “cloud mining”, which enables iOS and Android users to regularly earn cryptocurrency tokens by simply interacting with the Electroneum app. Besides other security countermeasures against automated attacks, Electroneum requires the user to upload selfies with a predefined gesture or a drawing of a symbol as a prerequisite for the activation of the mining process. In this paper, we show how a malicious user can circumvent all of these security features and thus create and maintain an arbitrary number of fake accounts. Our impersonation attack particularly focuses on creating non-existing selfies by relying on Generative Adversarial Network (GAN) techniques during account initialization. Furthermore, we employ reverse engineering to develop a bot that simulates the genuine Electroneum app and is capable of operating an arbitrary number of illegitimate accounts on one Android device, enabling the malicious user to ob tain an unfairly large payout

Original language	English
Title of host publication	Proceedings of the 17th International Joint Conference on e-Business and Telecommunication: SECRYPT
Publisher	SciTePress - Science and Technology Publications
Pages	388-396
Volume	3
ISBN (Electronic)	978-989-758-446-6
DOIs	https://doi.org/10.5220/0009829303880396
Publication status	Published - 2020
Event	17th International Conference on Security and Cryptography - Virtuell, France Duration: 8 Jul 2020 → 10 Jul 2020

Conference

Conference	17th International Conference on Security and Cryptography
Abbreviated title	SECRYPT 2020
Country/Territory	France
City	Virtuell
Period	8/07/20 → 10/07/20

Access to Document

10.5220/0009829303880396Licence: CC BY-NC-ND 4.0

PaperAccepted author manuscript, 5.58 MBLicence: CC BY-NC-ND 4.0

A-SIT - Secure Information Technology Center Austria
Stranacher, K., Dominikus, S., Leitold, H., Marsalek, A., Teufl, P., Bauer, W., Aigner, M. J., Rössler, T., Neuherz, E., Dietrich, K., Zefferer, T., Mangard, S., Payer, U., Orthacker, C., Lipp, P., Reiter, A., Knall, T., Bratko, H., Bonato, M., Suzic, B., Zwattendorfer, B., Kreuzhuber, S., Oswald, M. E., Tauber, A., Posch, R., Bratko, D., Feichtner, J., Ivkovic, M., Reimair, F., Wolkerstorfer, J. & Scheibelhofer, K.
21/05/99 → 6/08/20
Project: Research area

Cite this

This Selfie Does Not Exist - On the Security of Electroneum Cloud Mining. / Marsalek, Alexander; Fasllija, Edona; Ziegler, Dominik.
Proceedings of the 17th International Joint Conference on e-Business and Telecommunication: SECRYPT. Vol. 3 SciTePress - Science and Technology Publications, 2020. p. 388-396.

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Marsalek, A, Fasllija, E & Ziegler, D 2020, This Selfie Does Not Exist - On the Security of Electroneum Cloud Mining. in Proceedings of the 17th International Joint Conference on e-Business and Telecommunication: SECRYPT. vol. 3, SciTePress - Science and Technology Publications, pp. 388-396, 17th International Conference on Security and Cryptography, Virtuell, France, 8/07/20. https://doi.org/10.5220/0009829303880396

@inproceedings{a0cda13f5cbb447eb6fcc1d050c10c9d,

title = "This Selfie Does Not Exist - On the Security of Electroneum Cloud Mining",

abstract = "The Electroneum cryptocurrency provides a novel mining experience called “cloud mining”, which enables iOS and Android users to regularly earn cryptocurrency tokens by simply interacting with the Electroneum app. Besides other security countermeasures against automated attacks, Electroneum requires the user to upload selfies with a predefined gesture or a drawing of a symbol as a prerequisite for the activation of the mining process. In this paper, we show how a malicious user can circumvent all of these security features and thus create and maintain an arbitrary number of fake accounts. Our impersonation attack particularly focuses on creating non-existing selfies by relying on Generative Adversarial Network (GAN) techniques during account initialization. Furthermore, we employ reverse engineering to develop a bot that simulates the genuine Electroneum app and is capable of operating an arbitrary number of illegitimate accounts on one Android device, enabling the malicious user to ob tain an unfairly large payout",

author = "Alexander Marsalek and Edona Fasllija and Dominik Ziegler",

year = "2020",

doi = "10.5220/0009829303880396",

language = "English",

volume = "3",

pages = "388--396",

booktitle = "Proceedings of the 17th International Joint Conference on e-Business and Telecommunication: SECRYPT",

publisher = "SciTePress - Science and Technology Publications",

note = "17th International Conference on Security and Cryptography, SECRYPT 2020 ; Conference date: 08-07-2020 Through 10-07-2020",

}

TY - GEN

T1 - This Selfie Does Not Exist - On the Security of Electroneum Cloud Mining

AU - Marsalek, Alexander

AU - Fasllija, Edona

AU - Ziegler, Dominik

PY - 2020

Y1 - 2020

N2 - The Electroneum cryptocurrency provides a novel mining experience called “cloud mining”, which enables iOS and Android users to regularly earn cryptocurrency tokens by simply interacting with the Electroneum app. Besides other security countermeasures against automated attacks, Electroneum requires the user to upload selfies with a predefined gesture or a drawing of a symbol as a prerequisite for the activation of the mining process. In this paper, we show how a malicious user can circumvent all of these security features and thus create and maintain an arbitrary number of fake accounts. Our impersonation attack particularly focuses on creating non-existing selfies by relying on Generative Adversarial Network (GAN) techniques during account initialization. Furthermore, we employ reverse engineering to develop a bot that simulates the genuine Electroneum app and is capable of operating an arbitrary number of illegitimate accounts on one Android device, enabling the malicious user to ob tain an unfairly large payout

AB - The Electroneum cryptocurrency provides a novel mining experience called “cloud mining”, which enables iOS and Android users to regularly earn cryptocurrency tokens by simply interacting with the Electroneum app. Besides other security countermeasures against automated attacks, Electroneum requires the user to upload selfies with a predefined gesture or a drawing of a symbol as a prerequisite for the activation of the mining process. In this paper, we show how a malicious user can circumvent all of these security features and thus create and maintain an arbitrary number of fake accounts. Our impersonation attack particularly focuses on creating non-existing selfies by relying on Generative Adversarial Network (GAN) techniques during account initialization. Furthermore, we employ reverse engineering to develop a bot that simulates the genuine Electroneum app and is capable of operating an arbitrary number of illegitimate accounts on one Android device, enabling the malicious user to ob tain an unfairly large payout

U2 - 10.5220/0009829303880396

DO - 10.5220/0009829303880396

M3 - Conference paper

VL - 3

SP - 388

EP - 396

BT - Proceedings of the 17th International Joint Conference on e-Business and Telecommunication: SECRYPT

PB - SciTePress - Science and Technology Publications

T2 - 17th International Conference on Security and Cryptography

Y2 - 8 July 2020 through 10 July 2020

ER -

This Selfie Does Not Exist - On the Security of Electroneum Cloud Mining

Abstract

Conference

Access to Document

Fingerprint

Projects

A-SIT - Secure Information Technology Center Austria

Cite this