Beware public mobile charging points - your phone can be hacked in minutes


Your smartphone can be easily hacked easily if you plug it in to charge via USB at a public place like an airport, cafe or on public transport.

Researchers at security firm Kaspersky Labs found that they could install a third-party application, like a virus, onto the phone via its USB cable connection to a computer. It took them under three minutes. 

They also found that the Android and iOS phones tested leaked a host of private data to the computer they were connected to whilst charging, including the device name, device manufacturer, device type, serial number and even a list of files. 

It's well known that public Wi-Fi connections are a security risk, as thisiPhone-crashing bug showed, but USB connections to PCs are also a major vulnerability.  This idea was proposed by hackers as a theory in 2014 but never proven. This new research shows this vulnerability is still open.



"The security risks here are obvious: if you’re a regular user, you can be tracked through your device IDs; your phone could be silently packed with anything from adware to ransomware. And, if you’re a decision-maker in a big company, you could easily become the target of professional hackers," said Alexey Komarov, researcher at Kaspersky Lab.

"And you don’t even have to be highly-skilled in order to perform such attacks, all the information you need can easily be found on the Internet."

Hackers have already exploited this connection: in 2013, Italian hackers known as "The Hacking Team" were able to infect a phone with malware through a computer connection.

They plotted the attack based on the device model of the victim, which the hackers managed to get through the USB-connected computer. "That would not have been as easy to achieve if smartphones did not automatically exchange data with a PC upon connecting to the USB port," Kaspersky Labs said. 

How to protect yourself

* Only plug your phone into trusted computers, using trusted USB cables

* Protect your mobile phone with a password, or with another method such as fingerprint recognition, and don’t unlock it while charging.

* Use encrypted apps like WhatsApp and iMessage to communicate

* Antiviruses can be a bore, but they help to detect malware even if a “charging” vulnerability is used.

* Update your mobile operating system to the most recent version, as that will have the most up-to-date bug fixes.

Download File