These days, airports, restaurants, and even buses have USB charging stations. But are they safe? If you use one of these, could your phone or tablet be compromised? The iguru team did the testing for you and presents the results!
Many experts draw attention
Some experts believe that you should be concerned if you have used a public USB charging station. Researchers from IBM's penetration testing team, X-Force Red, have issued some warnings about the dangers associated with public charging stations.
"Connecting to a public USB port is like finding a toothbrush on the side of the road and deciding to put it in your mouth," said Caleb Barlow, vice president of X-Force Red. "You have no idea where this thing was."
Barlow points out that USB ports not only transfer power, but also transfer data between devices.
With a little technological "smartness", you can change a USB port and forward malware to a connected phone. This is especially true if the device is running Android or an older version of iOS and does not have the necessary security updates.
Sounds scary, but these warnings are based on real concerns:
From theory to practice
So are USB-based attacks on mobile devices purely theoretical? The answer is a resounding no.
Security researchers have long considered charging stations to be potential points of attack. In 2011, veteran infosec journalist Brian Krebs coined the term "jacking jack" to describe techniques that use these attacks. As mobile devices are now ubiquitous, many researchers have focused on this point.
In 2011, the Wall of Sheep, at the Defcon Security Conference, created a charging chamber that, when used, displayed a pop-up window on the device warning of the dangers of connecting to unreliable devices.
Two years later, at the Blackhat USA event, researchers from Georgia unveiled a tool that could disguise itself as a charging station and install malware on a device running the latest version of iOS.
I could go on, but you already understand. The most important question is whether the discovery of "Juice Jacking" exists in real attacks. This is where things get a little darker.
Understanding the risk
Although "jacking jack" is a popular field for security researchers, there are no documented examples of attackers using this approach. Much of the media coverage focuses on evidence from researchers working at institutions such as universities and information security companies. This is probably because it is inherently difficult to "arm" a public charging station.
To hack a public charging station, an attacker would have to acquire specific hardware (such as a miniature computer for malware development) and install it without being detected. Try doing it at a busy international airport, where passengers are checked and security seizes tools at check-in. Cost and risk make the jacking jack unsuitable for attacks aimed at the general public.
There is also the argument that these attacks are relatively ineffective. They can only infect devices connected to a charging socket. In addition, they often rely on operating system security vulnerabilities.
Realistically, if a hacker gains access to a public charging station, he or she is likely to do so for a targeted attack on a high value person, not for a casual traveler who simply wants to charge his or her device.
The purpose of this article is not to downplay the security risks posed by mobile devices. The smartphones they are used sometimes for the spread of malware. There have also been cases of phone infections when connecting to a computer that "hosts" some malware.
In a 2016 Reuters article, Mikko Hypponen of F-Secure described a highly malicious strain of malware on Android that affected a European aircraft manufacturer.
"Hypponen reported that he recently spoke with a European aircraft manufacturer who told him that he cleans the cockpits of his planes every week from malware designed for Android phones. "The malware spread to the planes only because the pilots were charging their phones with the USB port in the cockpit," the article said.
"Because the plane uses a different operating system, nothing will happen to it. But it will transmit the virus to other devices connected to the charger. ”
You buy insurance for your home not because you wait for the house to fall, but because you have to be prepared for the worst case scenario. Likewise, you should take precautions when using charging stations. If possible, use a standard wall outlet, not a USB port. Otherwise, charge a portable battery, not your device.