These days, airports, restaurants, and even buses have charging stations USB. But are they safe? If you use one of these, could your phone or tablet be compromised? The iguru team did the testing for you and presents the results!
Many experts draw attention
Some experts believe that you should be concerned if you have used a public charging station USB. Researchers from IBM's penetration testing team, X-Force Red, have issued some warnings about the dangers associated with public charging stations.
"The connection to a public port USB "It's like finding a toothbrush on the side of the road and deciding to put it in your mouth," said Caleb Barlow, vice president of X-Force Red. "You have no idea where this thing was."
Barlow points out that the doors USB they not only transfer power, but also transfer data between devices.
With a little technological "intelligence", you can change a port USB and launch malware on a connected phone. This is especially true if the device is running Android or an older version of iOS and does not have the necessary security updates.
Sounds scary, but these warnings are based on real concerns:
From theory to practice
Well, attacks based on USB against mobile devices are purely theoretical? The answer is a resounding no.
Security researchers have long considered charging stations to be potential points of attack. In 2011, veteran infosec journalist Brian Krebs coined the term "jacking jack" to describe techniques that use these attacks. As mobile devices are now ubiquitous, many researchers have focused on this point.
In 2011, the Wall of Sheep, at the Defcon Security Conference, created a charging chamber that, when in use, displayed a pop-up window on the device warning of the dangers of connecting to unreliable devices.
Two years later, at the Blackhat USA event, researchers from Georgia unveiled a tool that could disguise itself as a charging station and install malware on a device running the latest version of iOS.
I could go on, but you already understand. The most important question is whether the discovery of "Juice Jacking" exists in real attacks. This is where things get a little darker.
Understanding the risk
Although "jacking jack" is a popular field for security researchers, there are no documented examples of attackers using this approach. Much of the media coverage focuses on evidence from researchers working at institutions such as universities and information security companies. This is probably because it is inherently difficult to "arm" a public charging station.
To hack a public charging station, an attacker would have to acquire specific hardware (such as a miniature computer for malware development) and install it without being detected. Try to do it at a busy international airport, where passengers are checked and security seizes tools at check-in. Cost and risk make the jacking jack unsuitable for attacks aimed at the general public.
There is also the argument that these attacks are relatively ineffective. They can only infect devices that are plugged into a charging socket. In addition, they often rely on operating system security vulnerabilities.
Realistically, if a hacker gains access to a public charging station, he or she is most likely doing so for a targeted attack on a high-value person, not for a casual traveler who simply wants to charge his or her device.
The purpose of this article is not to downplay the security risks posed by mobile devices. The smartphones they are used sometimes for the spread of malware. There have also been cases of phone infections when connecting to a computer that "hosts" some malware.
In a 2016 Reuters article, Mikko Hypponen of F-Secure described a highly malicious strain of Android malware that affected a European aircraft manufacturer.
"Hypponen reported that he recently spoke with a European aircraft manufacturer who told him that he cleans the cockpits of his planes every week from malware designed for Android phones. Malware spread to airplanes only because pilots were charging their phones with the port USB in the cockpit ", the article stated.
"Because the plane uses a different operating system, nothing will happen to it. But it will transmit the virus to other devices connected to the charger. ”
You buy insurance for your home not because you expect it to fall, but because you have to be prepared for the worst case scenario. Likewise, you should take precautions when using charging stations. If possible, use a standard wall outlet, not a door USB. Otherwise, charge a portable battery, not your device.