Travelers beware! That free charging station could hack your phone

If you travel frequently, you know the feeling — your battery is running out and you need a charge. A free charging station may seem like a lifesaver, but beware — it could leave you vulnerable.

Many airports, convention centers and public places now have free charging stations, complete with different cables to charge a variety of smartphones. Unfortunately, hackers could rig those stations to watch every move you make while connected to the charging station, according to security experts.

“You go into your online banking application to take a photo of a check, well, that’s recorded. … When you connect to your contacts, all of that is recorded. If you do an e-mail or a text, everything on the screen is 100 percent recorded,” said Brian Markus, who discovered the threat along with colleagues. Markus is the CEO of cybersecurity company Aries Security.

The researchers call the threat video jacking.

“From the moment that you plug in that cable to the moment that you unplug, that cable is exposed and recorded,” he said.

Here is how it works: The cybercriminal needs to hide an HDMI [high-definition multimedia interface] splitter and recorder in the charging station. Most smartphones are now HDMI-enabled so you can share images from the phone onto a TV. Once the phone is plugged in, the station uses the phone’s built-in HDMI to record everything done on the smartphone without the user’s knowledge.

Brian Markus, the CEO of Aries Security, demonstrates how video jacking works.

Source: CNBC Video

“There’s no security prompting asking the user if they’re sure that they want to allow this to go out,” said Markus.

HDMI is usually automatically enabled on smartphones.

Markus and his team discovered the threat by looking at automatically enabled features and then realized the potential vulnerability.

To test the threat, Markus built a sample charging station rigged with HDMI using parts readily available online.

Markus demonstrated the charging station for CNBC using an iPhone, Samsung Galaxy phone and a Google phone.

Google declined to comment and Apple and Samsung did not respond to CNBC’s request.

A free charging station set up by researchers to prove the vulnerability

Source: CNBC Video

As of now, no victims have come forward, but victims may not even know they were attacked via video jacking.

Markus said he presented his results to raise awareness.

“One thing that I’m very sure of is if I don’t think of something and I don’t talk about it publicly, somebody else will, and it’s much safer for us to expose these risks,” he said.

To protect yourself, bring your own charging cable and plug it directly into an outlet. Carrying a battery pack will also protect your personal information.
