The FBI issues a warning on public charging stations for smartphones.
The explosion in the number of smartphones has given rise to numerous charging stations in public spaces. According to a recent warning issued by the FBI, recharging your phone on a USB port made available in a hotel, an airport or a coffee shop presents certain risks. Malicious people would be able to infiltrate the smartphone in this way and introduce malware and remote control applications.
Infiltration and injection of malware into the smartphone by hacker charging stations
If you had to remember only one piece of advice from the FBI’s warning, it would be to always connect your smartphone using its own cable accompanied by its wall charging block. Known as English juice jacking, which could be translated as the act of infiltrating a mobile device by injecting a script through the USB cable by which it is recharged, this act was first spotted in 2011. At the time, during the DefCon event, cybersecurity researchers had developed a charging station that already demonstrated this vulnerability. Over the years, our smartphones contain more and more confidential information, whether it takes the form of photos, messages, our Internet browsing history and worse, our banking data.
The latest research shows that a tampered charging station is able to retrieve the content of open tabs on a smartphone’s web browser in less than 10 seconds. A one-minute charge time on one of these USB ports is already enough to compromise someone’s phone.
If the frequency of type attacks juice jacking in public charging places is not established, repeated warnings from authorities in different countries demonstrate the reality of the risk taken by users. The state of California, India and Nigeria have indeed already launched the alert in the past.
Use your own equipment to avoid any intrusion
Tony Coulson, director of the Cybersecurity Center for California State University, thinks we should all think of our phones as bank cards. No one would think of pulling out their credit card and putting it in an unsecured place. According to him, it is possible to make the link between this practice and the hacking of bank cards by the magnetic stripe. Like the latter, USB technology is not new. This gives it great vulnerability since it does not have a high level of internal security.
If you have ever used a USB charging port in public space and you find that your battery is draining faster than before, it may be worth carrying out some investigations into the heart of the smartphone. Other symptoms may be related to a malicious infiltration of the device, we will note a palpable slowdown of applications, frequent overheating, parameters modified without action on your part or even an abnormally high use of mobile data.
To guard against this type of cyberattack, Coulson recommends choosing a newer charging technology like USB-C or taking a drastic solution, buying a USB cable that doesn’t transfer data. Remember that when you plug your smartphone into an external socket, you sometimes receive a notification that asks if the connected device is trusted. Unless your device is connected to your personal computer, it is customary to always say no in order to keep your data safe.
As a last resort, if you have no choice but to charge your smartphone on a public USB terminal, it may be useful to check the inside of the cable connectors. A USB cable has four connectors. Two for charging and two for data transfer. While most cables have four connectors, some have only two. If so, this is a charging only cable and the risk of hooking it up to your phone is minimal.
Source : The Washington Post
8