Public USB-charging hacks back on the radar

Kaspersky Labs proves a reported USB-charging hack works—even if the phone is locked. It warns against using untrusted charging points and computers.

Public USB-charging hacks back on the radar
Credit: ThinkStock

Smartphones can indeed be hacked via public USB-charging ports found around public facilities such as airports, parks and coffee shops, says a computer security firm. Additionally, any PC used for charging can perform the exploit.

Hacks of this kind, first publicly written about in 2011, and called "juice-hacking" then, are not a myth, Kaspersky Lab says. That’s despite an apparent lack of reported cases.

The security company, known for its antivirus products, says it has proven that forms of the hack can variously make illicit calls, suck files off a device and in its simplest rendition, capture a phone’s unique identifiers, such as a serial number.

The firm recommends its customers stop using untrusted charging points and computers.

Locking your phone while charging doesn't make it secure

Legend goes that if you lock your device with the password during the public charge, the device is safe. That’s true to a certain extent: Locking the device does stop the host learning about files and folders, Kaspersky explains. However, incoming text messages wake the phone up, among other things, it points out. And it questions whether people really do stop using their phone during the charge.

In any case, files and folders being available without password protection is only the tip of the iceberg, according to Kaspersky. Some data is still transmitted when the device is in charge-only mode.

AT-commands are at the heart of the intrusion, according to Kaspersky Lab in a blog post. They’re the short text-string instructions used to control a traditional modem.

AT-commands are used by every modem, which is just what a smartphone is. Through those commands, Kaspersky discovered that not only can an attacker get the phone number and download the SIM card’s contact list, but the attacker can also call any number. That could be an expensive proposition, especially when roaming.

“Such surprise calls may quickly drive your balance into the red,” the blog post says. And it’s “possible even if your smartphone remains locked.”

The researchers have identified a little-known COM-port on at least one type of phone. That COM-port functions as the interface to the modem, the firm believes. That’s even when “the phone had no USB tethering enabled, and no developer mode or ADB (USB debugging) enabled either,” the company says on its Securelist website.

Some AT commands were restricted, but enough commands were available to let the researcher find out the phone’s telephone number and to reboot the phone into a firmware update. The researcher was able to perform a package install in three minutes.

“What if it installed a system daemon, instead of some package?” writes researcher Alexy Komarov in the Securelist post. “What if it installed a backdoor? Sharing everything on your phone with someone sitting on the other side of the world?”

Other “destructive actions, such as wiping the phone, deleting data, encrypting data and asking for a ransom,” could be achieved, he says. “The possibilities are infinite.”

This article is published as part of the IDG Contributor Network. Want to Join?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.