Beware public mobile charging points – your phone can be hacked in minutes

Back to Blog

Your smartphone will be easily hacked easily if you plug it in to charge via USB at a public place like a Train, restaurant or on public transport.

Some conditions, like a completely charged battery, facilitate a fast and accurate penetration, whereas others, such as tapping the screen while a page is loading, reduce hackers’ ability to determine what website is being viewed. The vital finding from the study is that such an attack is carried out successfully, researchers said.

Beware public mobile charging points - your phone can be hacked in minutes

In the study, the slower, less accurate attempts at penetration were still accurate at intervals six seconds about the time. “Although this was an early study of power use signatures, it’s terribly likely that data besides browsing activity may also be stolen via this side channel,” said Gasti. “Since public USB charging stations are so widely used, people have to be compelled to be aware that there can be security problems with them. for example, informed users may choose not to browse the net while charging,” he said.

Researchers at security firm Kaspersky Labs found that they may install a third-party application, sort of a virus, onto the phone via its USB cable connected to a pc. It took them below 3 minutes.

They also found that the Android and iOS phones tested leaked a bunch of personal information to the pc they were connected to while charging, as well as the device name, device type, device manufacturer, serial number and even a list of files.

It’s well known that public Wi-Fi connections are a security risk, as this iPhone-crashing bug showed, however USB connections to PCs are also a significant vulnerability. this idea was projected by hackers as a theory in 2014 but never proven. This new analysis shows this vulnerability remains open.

  • The ‘effective power’ string of Arabic text would crash a friend’s iPhone if they were sent it in May 2015
  • A prank website crashed iPhones and influence other phones and devices in January 2016
  • Many iPhone half-dozen users who had their touchscreens replaced by third parties are hit by the ‘Error 53’ message that disables an iPhone if touch ID has been tampered with
  • Changing the date to January 1, 1970, on iPhone 5s and later renders the iPhone useless when it is rebooted
  • Apple released an emergency update to its software in August 2016 after the “most refined spyware” ever seen was used to try and attempt to break into the phone of an Arab activist

“The security risks here are obvious: if you’re a daily user, you’ll be tracked through your device IDs; your phone could be silently filled with anything from adware to ransomware. And, if you’re a decision-maker in a huge company, you may easily become the target of skilled hackers,” said Alexey Komarov, a researcher at Kaspersky laboratory.

“And you don’t even have to be highly skilled in order to perform such attacks, all the information you wish will easily be found on the web.”

Hackers have already exploited this connection: in 2013, Italian hackers called “The Hacking Team” were ready to infect a phone with malware through a pc connection.

They premeditated the attack based on the device model of the victim, that the hackers managed to induce through the USB-connected pc. “That wouldn’t have been as straightforward to achieve if smartphones did not automatically exchange data with a computer upon connecting to the USB port,” Kaspersky Labs said.

How to shield yourself

  • Only plug your phone into trustworthy computers, using trusted USB cables
  • Protect your mobile with a password, or with another methodology like fingerprint recognition, and don’t unlock it while charging.
  • Use apps which are encrypted like WhatsApp and iMessage to communicate
  • Antiviruses may be a bore; however, they assist to detect malware even if a “charging” vulnerability is employed.
  • Update your mobile operating system to the most recent version, as that may have the most up-to-date bug fixes.
social position advance

Share this post

Back to Blog