JNow they even reveal their best tricks: Before Easter, the American FBI warned on Twitter against using public smartphone charging stations at airports, hotels or shopping centers. Malicious contemporaries could use the USB connection to upload malware or surveillance software to the cell phone. Always use your own cables and chargers. The note is extremely justified, especially when using an Android smartphone.
The infiltration of smartphones with prepared charging cables has been commonplace in the intelligence world for more than a decade. Installing malware or spying on devices is not the only problem. The operator of a charging station can use the simplest of means to record which smartphones are connected to his cable with which operating system. The first hints of this threat came from security researcher Brian Krebs, who described it as “juice jacking” back in 2011.
Numerous security conferences have shown that the spying technology actually works. In 2012, Kyle Osborn demonstrated how it is possible to unlock and extract data from a locked android using a USB cable. In 2013, at the Black Hat security conference, the Georgia Institute of Technology released a proof-of-concept malware called Mactans: a malicious charger that could infect an iPhone with malware while it was charging. At that time, the software was able to bypass almost all security measures built into iOS and mask itself like a real background process of the operating system.
Since then, Google and Apple have taken intensive measures to make juice jacking more difficult. It probably won’t be able to be stopped completely. Recently, there are prepared charging cables in relevant circles that contain a mini circuit board with a WLAN chip and its own web server. In this way, the connected target device can be spied out by radio even from a great distance. Previously, older variants had used Bluetooth for data transmission, but its range is shorter.
If you want to protect yourself, you should only use your own charging cable and charger. Special cables promise that only electricity would be transmitted with them, so the data functions are capped. So-called USB condoms, which are inserted between the charging cable and the device socket, take a similar approach. They too should only pass on the current and block the data lines of the USB cable. However, security researchers have already undermined these two protective mechanisms.