Smartphones at risk of data hack via USB charging port

Kaspersky revealed devices could be attacked when charging them at public facilities at airports, cafes and on public transport

Kaspersky has revealed smartphones and devices can be hacked when they're charged at public charging points such as airports, cafes and shopping centres and other places.

The company tested devices running different versions of iOS and Android to see what data is transferred while connected to a Mac or PC for charging.

Kaspersky researchers discovered that a large amount of data is sent to the computer when it's first plugged in, including the device name, device manufacturer, device type, serial number, firmware information, operating system information, file system/file list and electronic chip ID.

Although the extent of the data that moves to the computer during this 'handshake' varies according to manufacturer and version of the operating system in use, it still transferred the device name, manufacturer and serial number in all cases.

Advertisement
Advertisement - Article continues below

Kaspersky discovered that although this isn't a direct security risk if only a few of the details were syphoned off by hackers, the fact the version of firmware in use and unique device identifier could mean hackers are able to target the device with a specific exploit.

This proof of concept was first uncovered in 2014 when researchers were able to infect devices with malware using AT commands via fake charging stations in public places, but it would seem the method would still work.

"It is strange to see that nearly two years after the publication of a proof-of-concept demonstrating how a smartphone can be infected through the USB, the concept still works," Alexey Komarov, researcher at Kaspersky Lab said.

"The security risks here are obvious: if you're a regular user you can be tracked through your device IDs; your phone could be silently packed with anything from adware to ransomware; and, if you're a decision-maker in a big company, you could easily become the target of professional hackers."

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/mobile/20522/best-android-smartphones
Google Android

Best Android smartphones 2019

20 May 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019