This Selfie Does Not Exist: On the Security of Electroneum Cloud Mining

Alexander Marsalek; Edona Fasllija; Dominik Ziegler

doi:10.5220/0009829303880396

This Selfie Does Not Exist: On the Security of Electroneum Cloud Mining

Alexander Marsalek, Edona Fasllija, Dominik Ziegler

2020

Abstract

The Electroneum cryptocurrency provides a novel mining experience called “cloud mining”, which enables iOS and Android users to regularly earn cryptocurrency tokens by simply interacting with the Electroneum app. Besides other security countermeasures against automated attacks, Electroneum requires the user to upload selfies with a predefined gesture or a drawing of a symbol as a prerequisite for the activation of the mining process. In this paper, we show how a malicious user can circumvent all of these security features and thus create and maintain an arbitrary number of fake accounts. Our impersonation attack particularly focuses on creating non-existing selfies by relying on Generative Adversarial Network (GAN) techniques during account initialization. Furthermore, we employ reverse engineering to develop a bot that simulates the genuine Electroneum app and is capable of operating an arbitrary number of illegitimate accounts on one Android device, enabling the malicious user to obtain an unfairly large payout.

Download

Paper Citation

in Harvard Style

Marsalek A., Fasllija E. and Ziegler D. (2020). This Selfie Does Not Exist: On the Security of Electroneum Cloud Mining.In Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - Volume 3: SECRYPT, ISBN 978-989-758-446-6, pages 388-396. DOI: 10.5220/0009829303880396

in Bibtex Style

@conference{secrypt20,
author={Alexander Marsalek and Edona Fasllija and Dominik Ziegler},
title={This Selfie Does Not Exist: On the Security of Electroneum Cloud Mining},
booktitle={Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - Volume 3: SECRYPT,},
year={2020},
pages={388-396},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009829303880396},
isbn={978-989-758-446-6},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications - Volume 3: SECRYPT,
TI - This Selfie Does Not Exist: On the Security of Electroneum Cloud Mining
SN - 978-989-758-446-6
AU - Marsalek A.
AU - Fasllija E.
AU - Ziegler D.
PY - 2020
SP - 388
EP - 396
DO - 10.5220/0009829303880396