Smartphones at risk of data hack via USB charging port

Kaspersky revealed devices could be attacked when charging them at public facilities at airports, cafes and on public transport

Kaspersky has revealed smartphones and devices can be hacked when they're charged at public charging points such as airports, cafes and shopping centres and other places.

The company tested devices running different versions of iOS and Android to see what data is transferred while connected to a Mac or PC for charging.

Advertisement - Article continues below

Kaspersky researchers discovered that a large amount of data is sent to the computer when it's first plugged in, including the device name, device manufacturer, device type, serial number, firmware information, operating system information, file system/file list and electronic chip ID.

Although the extent of the data that moves to the computer during this 'handshake' varies according to manufacturer and version of the operating system in use, it still transferred the device name, manufacturer and serial number in all cases.

Kaspersky discovered that although this isn't a direct security risk if only a few of the details were syphoned off by hackers, the fact the version of firmware in use and unique device identifier could mean hackers are able to target the device with a specific exploit.

This proof of concept was first uncovered in 2014 when researchers were able to infect devices with malware using AT commands via fake charging stations in public places, but it would seem the method would still work.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"It is strange to see that nearly two years after the publication of a proof-of-concept demonstrating how a smartphone can be infected through the USB, the concept still works," Alexey Komarov, researcher at Kaspersky Lab said.

"The security risks here are obvious: if you're a regular user you can be tracked through your device IDs; your phone could be silently packed with anything from adware to ransomware; and, if you're a decision-maker in a big company, you could easily become the target of professional hackers."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/node/355040
business apps

Is there still an app for that?

26 Mar 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/mobile/mobile-phones/354997/the-business-smartphone-is-dead
Mobile Phones

The business smartphone is dead

13 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020