A massive threat which exposes unsuspecting smartphone users to data theft, privacy invasion or worse was revealed this month.
The hack occurs when a user plugs their smartphone directly into a regular USB charging port – the type found in power outlets in airports around the globe – that has been compromised by a malicious device, which then siphons data from the newly attached smartphone.
This includes a variety of user data, such as photos, emails, text messages, app data and any passwords stored locally on the device, and can occur without the user ever being aware.
Think of it like plugging your smartphone into your laptop or computer at home; you can browse everything on the handset from your computer, without ever being alerted by your smartphone.
How they do it
Dubbed ‘Juice Jacking’, the vulnerability was demonstrated last week at the annual RSA Security Conference, in San Francisco, when security outfit Authentic8 set up a number of USB power outlets for attendees to charge their mobile devices.
“Just by plugging your phone into a [compromised] power strip or charger, your device is now infected, and that compromises all your data,” Authentic8 Head of Marketing, Drew Paik, told CNN.
This hack was also proven by another security firm, Kaspersky Lab, in 2016, when engineers successfully installed malicious software on a smartphone via a connected charging cable. It took them under three minutes.
“The security risks here are obvious … your phone could be silently packed with anything from adware to ransomware. And, if you’re a decision-maker in a big company, you could easily become the target of professional hackers,” said Alexey Komarov, researcher at Kaspersky Lab.
“And you don’t even have to be highly-skilled in order to perform such attacks – all the information you need can easily be found on the internet.”
When a smartphone is connected to a USB port, a ‘handshake’ occurs, where the device relays hardware and software information to the USB port so that connected hardware – usually a computer – knows what kind of device is now attached and how to communicate with it.
Using this information, a compromised USB port can then select the appropriate method to defeat security and install malicious software on the device, or simply siphon data from the handset.
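To make the 'handshake' concrete, the following Python code is an added example (not from the original article, Authentic8 or Kaspersky Lab). It parses the standard USB device and configuration descriptors a phone sends during enumeration and lists the interfaces that can carry data. The descriptor bytes are constructed samples, the vendor and product IDs are placeholders, and the function names are hypothetical.

```python
import struct

# USB-IF interface class codes that carry data rather than just draw power.
DATA_CLASSES = {0x02: "CDC (serial/network)", 0x06: "Still Image (PTP/MTP)",
                0x08: "Mass Storage", 0xFF: "Vendor Specific"}

# Constructed sample descriptors; the IDs 0x1234/0x5678 are placeholders.
SAMPLE_DEVICE = bytes.fromhex("120100020000004034127856000101020301")
SAMPLE_CONFIG = bytes.fromhex(
    "0902370002010080fa"                                     # config header, 55 bytes total
    "090400000206010100" "07058102000200" "07050102000200"   # interface 0 + 2 endpoints
    "0904010002ff420100" "07058202000200" "07050202000200")  # interface 1 + 2 endpoints


def parse_device(desc: bytes) -> dict:
    """Parse the 18-byte device descriptor sent first during enumeration."""
    if len(desc) < 18 or desc[0] != 18 or desc[1] != 0x01:
        raise ValueError("not a device descriptor")
    f = struct.unpack_from("<BBHBBBBHHHBBBB", desc)
    return {"usb_version": f[2], "device_class": f[3], "vendor_id": f[7],
            "product_id": f[8], "has_serial_string": f[12] != 0}


def parse_interfaces(cfg: bytes) -> list:
    """Walk a configuration descriptor and return each interface's class."""
    if len(cfg) < 9 or cfg[1] != 0x02:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", cfg, 2)[0]
    if total > len(cfg):
        raise ValueError("truncated configuration descriptor")
    found, pos = [], 0
    while pos + 2 <= total:
        length, dtype = cfg[pos], cfg[pos + 1]
        if length < 2 or pos + length > total:
            raise ValueError("malformed descriptor length")
        if dtype == 0x04 and length >= 9:  # interface descriptor
            cls = cfg[pos + 5]
            found.append({"number": cfg[pos + 2], "class": cls,
                          "data_role": DATA_CLASSES.get(cls)})
        pos += length  # endpoint and other descriptors are skipped
    return found


def data_interfaces(cfg: bytes) -> list:
    """Interfaces through which a connected host could exchange data."""
    return [i for i in parse_interfaces(cfg) if i["data_role"]]


if __name__ == "__main__":
    print(parse_device(SAMPLE_DEVICE))
    for iface in data_interfaces(SAMPLE_CONFIG):
        print(iface)
```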
Protect yourself from invasion
With a little preparation and the right equipment, it’s relatively easy to protect yourself from a hacking attempt such as this.
- Make sure all your mobile devices are completely charged before travelling
- Use a portable back-up battery to charge mobile devices on the go
- Use public USB ports to charge back-up batteries only, THEN charge your mobile device
- Only plug your smartphone into a trusted computer to charge
- Use the original smartphone wall charger to charge your phone
- If you must charge your smartphone at a public USB port, do not unlock your handset