Experts from Kaspersky Lab have conducted an experiment to demonstrate the risks for charging mobile devices with untrusted USB charging points and PCs.
A simple operation like charging mobile Smartphone could expose users at serious risks. It is not a novelty, mobile devices could be hacked while owners are charging them by using a standard USB connection hooked up to a computer.
It is easy to find freely available charging points at public places, such as airports, cafes, and public transport, but often users ignore the risks.
Security experts from Kaspersky Lab have demonstrated it in a proof-of-concept experiment conducted to explain the exposure to such kind of attacks.
The experts analyzed a number of smartphones running various versions of Android and iOS operating systems in order to understand which kind of data it is possible to exfiltrate from such devices while connected to a computer for charging.
The results of the tests are very interesting, mobile devices share a lot of data to the computer while they are connected, in particular during the ‘handshake’ phase. The researchers discovered that it is possible to collect a large number of data while charging mobile devices, including:
DN – Device Name
DM – Device Manufacturer
DT – Device Type
SN – Serial Number
FW – Firmware info
OS – Operating System info
FS – File system info/file list
ECID – Electronic Chip ID
below the table shared by Kaspersky:
| Device | Device OS | Mode | Host OS | Data size (bytes) | Data type |
| Nexus 5 | Android 4.4 | MTP (default) | Windows 8.1 | 32 336 | DN, DM, DT, SN, FS |
| MTP (unblocked) | Windows 8.1 | 32 155 | DN, DM, DT, SN, FS |
| MTP + ADB | Windows 8.1 | 11 946 | DN, DM, SN |
| MTP (default) | Windows 10 | 8 827 | DN, SN |
| MTP (unblocked) | Windows 10 | 242 206 | DN, SN, FS |
| MTP + ADB | Windows 10 | 10 582 | DN, SN, FW |
| MTP (default) | OSX 10.9 | 1 213 | DN, DM, DT, SN |
| MTP (unblocked) | OSX 10.9 | 581 | DN, DM, DT, SN |
| Nexus 6 | Android 6.0.1 | Charging only (default) | Windows 8.1 | 8 965 | DN, DM, SN |
| MTP (unblocked) | Windows 8.1 | 39 418 | DN, DM, DT, SN, FS |
| Charging only (default) | Windows 10 | 8 975 | DN, SN |
| MTP (unblocked) | Windows 10 | 91 342 | DN, SN, FS |
| Charging only (default) | OSX 10.9 | 14 000 | DN, DM, DT, SN |
| MTP (unblocked) | OSX 10.9 | 7 674 | DN, DM, DT, SN |
| Samsung Galaxy S4 | Android 5.0.1 | MTP (default) | Windows 8.1 | 4 098 | DN, DM, DT, SN |
| MTP (default) | Windows 10 | 7 740 | DN, DM, DT, SN, FS, FW |
| Apple iPhone 5 | iOS 9.1 | Default (locked) | Windows 8.1 | 5 001 | DN, DM, SN |
| Default (locked) | OS X 10.9 | 83 272 | DN, DM, DT, SN, OS, ECID, device public key |
| Unblocked + Paired | Windows 8.1 | 1 829 145 | UniqueChipID, device class, iOS version, SessionID, device model, File System total size, File system free space |
| Unblocked + Paired | OS X 10.9 | 23 223 | DN, DM, DT, SN, OS, ECID, device public key |
In 2014, during the Black Hat conference, the researcher Andre Pereira demonstrated that it is possible to infect a smartphone by simply plugging it into a fake charging station.
The researcher used AT commands, commonly used to talk with the modem in mobile devices, to compromise the smartphone.
The experts from Kaspersky used the same technique to compromise the smartphone by using a PC and a standard micro USB cable. The experts used a set of AT-commands to re-flash a smartphone and silently installs a root application to gain full control of the smartphone.
The researchers noticed that incidents involving bogus charging stations have not been yet reported in the wild, meanwhile security firms have already spotted cyber attacks relying on this attack scenario.
The technique was used by the Hacking Team for its attacks and also by the Red October APT.
The experts explained that retrieving information on the specific mobile connected to a PC would allow hackers to choose a specific exploit to compromise the mobile devices.
“It is strange to see that nearly two years after the publication of a proof-of-concept demonstrating how a smartphone can be infected though the USB, the concept still works. The security risks here are obvious: if you’re a regular user you can be tracked through your device IDs; your phone could be silently packed with anything from adware to ransomware; and, if you’re a decision-maker in a big company, you could easily become the target of professional hackers,” – explained Alexey Komarov, researcher at Kaspersky Lab. “And you don’t even have to be highly-skilled in order to perform such attacks, all the information you need can easily be found on the Internet,” he concludes.
In summary, infect your smartphone while charging may be too simple, for this reason, follow the advises provided by Kaspersky.
- Use only trusted USB charging points and computers to charge your device;
- Protect your mobile phone with a password and don’t unblock it while charging;
- Use encryption technologies and secure containers (protected areas on mobile devices used to isolate sensitive information) to protect the data;
- Protect both your mobile device and your PC/Mac from malware with the help of a proven security solution. This will help to detect malware even if a “charging” vulnerability is used.
[adrotate banner=”9″]
Pierluigi Paganini
(Security Affairs – Charging Mobile Devices, hacking)