30 likes | 46 Views
Juice Jacking cyber-attack involves using a free public smartphone charging terminal for installing malware on your device using a USB charging port and copying all your data covertly. For more information read our blog
E N D
BEWARE PUBLIC MOBILE CHARGINGPOINTS –YOURPHONECANBEHACKEDINMINUTES Your smartphone will be easily hacked easily if you plug it in to charge via USB at a public place like a Train, restaurant or on publictransport. Some conditions, like a completely charged battery, facilitate a fast and accurate penetration, whereas others, such as tapping the screen while a page is loading, reduce hackers’ ability to determine what website isbeing viewed. The vital finding from the study is that such an attack is carried out successfully, researcherssaid. In the study, the slower, less accurate attempts at penetration were still accurate at intervals six seconds about the time. “Although this was an early study of power use signatures, it’s terribly likely that data besides browsing activity may also be stolen via this side channel,” said Gasti. “Since public USB charging stations are so widely used, people have to be compelled to be aware that there can be security problems with them. for example, informed users may choose not to browse the net while charging,”he said.
Researchers at security firm Kaspersky Labs found that they may install a third-party application, sort of a virus, onto the phone via its USB cable connected to a pc. It took them below 3minutes. • They also found that the Android and iOS phones tested leaked a bunch of personal information to the pc they were connected to while charging, as well as the device name, device type, device manufacturer, serial number and even a list offiles. • It’s well known that public Wi-Fi connections are a security risk, as this iPhone-crashing bug showed, however USB connections to PCs are also a significant vulnerability. this idea was projected by hackers as a theory in 2014 but never proven. This new analysis shows this vulnerability remains open. • The ‘effective power’ string of Arabic text would crash a friend’s iPhone if they were sent it inMay 2015 • A prank website crashsafari.com crashed iPhones and influence other phones and devices in January2016 • Many iPhone half-dozen users who had their touchscreens replaced by third parties are hit by the ‘Error 53’ message that disables an iPhone if touch ID hasbeen tampered with • Changing the date to January 1, 1970, on iPhone 5s and later renders the iPhone useless when it isrebooted • Apple released an emergency update to its software in August2016 • after the “most refined spyware” ever seen was used to try and attempt to break into the phone of an Arabactivist • “The security risks here are obvious: if you’re a daily user, you’ll be tracked through your device IDs; your phone could be silently filled withanything • from adware to ransomware. And, if you’re a decision-maker in ahuge • company, you may easily become the target of skilled hackers,” said Alexey Komarov, a researcher at Kasperskylaboratory. • “And you don’t even have to be highly skilled in order to perform such attacks, all the information you wish will easily be found on theweb.”
Hackers have already exploited this connection: in 2013, Italian hacker s called “The Hacking Team” were ready to infect a phone with malware through a pcconnection. • They premeditated the attack based on the device model of the victim, that the hackers managed to induce through the USB-connected pc.“That • wouldn’t have been as straightforward to achieve if smartphones did not automatically exchange data with a computer upon connecting to the USB • port,” Kaspersky Labssaid. • How to shieldyourself • Only plug your phone into trustworthy computers, using trusted USB cables • Protect your mobile with a password, or with another methodology like fingerprint recognition, and don’t unlock it whilecharging. • Use apps which are encrypted like WhatsApp and iMessage to communicate • Antiviruses may be a bore; however, they assist to detect malware even if a “charging” vulnerability isemployed. • Update your mobile operating system to the most recent version, as thatmayhavethemostup-to-datebugfixes.