Power banks could infect your smartphone with malware

Chinese ministry warns that power banks could infect devices with trojans to that steal personal data

A smartphone charging in a bag via a white power bank

Power bank users have been warned that some of these devices could infect smartphones and tablets with viruses while plugged in.

According to a warning sent out by China’s Cybersecurity Bureau of the Ministry of Public Security on its official WeChat account, hackers may implant Trojans to steal victims’ personal information on mobile power banks.

In a South China Morning Post report, the mobile power banks in question are those users can rent in public places, such as shopping malls, theme parks, and airports, to charge their smartphones on the go. Once the user finishes with the power bank, they return it to a charging station to recharge for the next user, which means potentially thousands of users share these power banks.

The ministry didn’t provide any real-world examples of the issue, but Riccardo Spolaor, an assistant professor at the Shandong University School of Computer Science and Technology said hackers could access a victim’s device “if they take control of the USB port or the power bank that you are using.”

Police at the Cybersecurity Bureau said the users should note if a power bank triggers permission requests to access certain parts of a phone once plugged in.

Jamie Akhtar, CEO and co-founder of CyberSmart, told ITPro that while this threat may not yet be widespread, it is certainly one to be wary of. 

“It is critical that individuals are selective in what they introduce to their devices. That is, they should never insert an unknown USB, hard drive, or in this case, a power bank, without first vetting it,” he said.

Related Resource

Go further with mobile marketing

Easy steps to get your mobile strategy up-to-speed

Easy steps to get your mobile strategy up-to-speed - whitepaper from OracleDownload now

Akhtar added that of late, we have also seen an increase in unexpected deliveries. “While this may just be a ‘brushing scam’ to improve a seller’s reviews, there may also be more malicious intentions behind the scheme whereby a cybercriminal essentially hand-delivers malware in the form of a ‘free’ power bank.”

Javvad Malik, a security awareness advocate at KnowBe4, told ITPro that he has seen several attack avenues designed to steal information or install malware that leverage external devices plugged into phones, tablets, and laptops.

“Innocent-looking phone charging cables or power banks serve as a great way to compromise a device. While attacks of this nature may not be widespread, it is something that could be used in targeted attacks, particularly against executives, politicians, or key employees. Which is why it's worthwhile to be aware of the threats and be cautious by only travelling with your own cables and power banks,” he added.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Almost 70% of CISOs expect a ransomware attack
ransomware

Almost 70% of CISOs expect a ransomware attack

19 Oct 2021
Organizations warned of ransomware risk from smaller operators
ransomware

Organizations warned of ransomware risk from smaller operators

19 Oct 2021
MirrorBlast phishing campaign targets financial companies
phishing

MirrorBlast phishing campaign targets financial companies

15 Oct 2021
Russia missing from US-organized international ransomware event
ransomware

Russia missing from US-organized international ransomware event

13 Oct 2021

Most Popular

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021