31.38KB
29 downloads
You’re out and about, and your smartphone’s battery is about to die. Maybe you’re at an airport, hotel, or shopping mall....or hacker convention! You don’t have the power cable needed to charge the device, but you do have a USB cord that can supply the needed juice. Then you spot it!! An oasis: A free or paid charging kiosk.
Do you hesitate before connecting your smart phone to this unknown untrusted device?? Well? ......DO YOU?
Did you consider for a moment that it could be configured to read most of the data on your phone, and perhaps even upload malware? Hey...We all have needs and sometimes you just need to charge your phone. "Any port in a storm." as the saying goes.
Several Security professionals were asked this question while research for this story was being conducted. They said they use these charging kiosks all the time (usually while on travel) but would definitely think twice after being brought aware of the malicious possibilities.
Granted, a charging kiosk at an airport may be less suspect than, say, a slightly sketchy-looking tower of power stationed at DefCon (the infamous hacker conference). some people will brave nearly any risk to power up their mobiles. In the three and a half days of this year’s DefCon, at least 360 attendees plugged their smartphones into the charging kiosk built by the same guys who run the infamous Wall of Sheep, a public shaming exercise at DefCon aimed at educating people about the dangers of sending email and other online communications over open wireless networks.
Brian Markus, president of Aires Security, said he and fellow researchers Joseph Mlodzianowski and Robert Rowley built the charging kiosk to educate attendees about the potential perils of juicing up at random power stations.
The Motivation behind the experiment explained:
“We’d been talking about how dangerous these charging stations could be. Most smartphones are configured to just connect and dump off data,” Markus said. “Anyone who had an inclination to could put a system inside of one of these kiosks that when someone connects their phone can suck down all of the photos and data, or write malware to the device.”
To make their charging station more attractive to passersby, Markus and his pals equipped it with a variety of charging cables to fit the most popular wireless devices. When no device was connected, the LCD screen fitted into the charging station displayed a blue image with the words “Free Cell Phone Charging Kiosk.”
103.77KB
32 downloads
The screen switched to a red warning sign when users plugged in any devices. The warning message read:
“You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!”
245.74KB
33 downloads
Markus said the comments from those who chose to juice up their phones at the kiosk were the most rewarding part of the project.
“One attendee claimed his phone had USB transfer off and he would be fine. When he plugged in, it instantly went into USB transfer mode,” Markus recalls. “He then sheepishly said, ‘Guess that setting doesn’t work.’”
Another DefCon attendee remarked, “This freaked my boss out so much he sent an email across the entire company stating employees are now required to bring power cables and/or extra batteries on travel, and no longer allowed to use charging kiosks for smart devices in open public areas.”
The safest route for charging your device on-the-go is to use the supplied power cord that plugs into a regular electrical outlet (assuming you can find an available outlet). Battery-powered mobile charging devices also work well in a pinch and are available at many airports. If you must use a random charging kiosk, the safest option may be to completely power off the device before plugging it in.
Another alternative is gaining in popularity..... "USB Condoms"
They prevent accidental data exchange when your device is plugged in to another device with a USB cable. USB Condoms achieve this by cutting off the data pins in the USB cable and allowing only the power pins to connect through. Thus, these "USB Condoms" prevent attacks like "juice jacking".
Use USB-Condoms to:
- Charge your phone on your work computer without worrying...
- Use charging stations in public without worrying...
If you're going to run around plugging your phone into strange USB ports, at least be safe about it. ;-)
Via:
.gif)
