Smartphones and other devices can be hacked into whilst they are charging at public charging points such as ones found at airports, in cafes or on public transport, new research has revealed.
Kaspersky Lab ran tests and found that Android and iOS phones leak a whole litany of private data to the computers they are connected to whilst charging, including the device name, device manufacturer, device type, serial number, firmware information, operating system information, file system/file list, and electronic chip ID.
The international software security group said that “although information about actual incidents involving fake charging stations has not been published, the theft of data from mobiles connected to a computer has been observed in the past.”
It took the team under three minutes to silently install a “root application” on a test smartphone via its USB cable connection to a computer.
“It is strange to see that nearly two years after the publication of a proof-of-concept demonstrating how a smartphone can be infected through the USB, the concept still works.
“The security risks here are obvious: if you’re a regular user you can be tracked through your device IDs; your phone could be silently packed with anything from adware to ransomware; and, if you’re a decision-maker in a big company, you could easily become the target of professional hackers,” warns Alexey Komarov, researcher at Kaspersky Lab.
“And you don’t even have to be highly-skilled in order to perform such attacks; all the information you need can easily be found on the Internet,” he concludes.
How to protect yourself
Kaspersky Lab advises the following:
Use only trusted USB charging stations and computers to charge your device;
Protect your mobile phone with a password, or with another method such as fingerprint recognition, and don’t unlock it while charging;
Use encryption technologies and secure containers (protected areas on mobile devices used to isolate sensitive information) to protect the data;
Protect both your mobile device and your PC/Mac from malware with the help of a proven security solution. This will help to detect malware even if a “charging” vulnerability is used.