Never use someone else's smartphone charger. Your data may be stolen
What is the danger
The days when smartphones and tablets had separate connectors for charging and data transfer are long gone. Now all gadgets are charged via USB cables, which carry both data and power. This is convenient and practical, but it opens up new opportunities for attackers.
At the annual DEF CON conference, a hacker named Mike Grover, known by the alias MG, revealed a fake Apple Lightning cable he had created for the iPhone. In appearance it cannot be distinguished from a regular one; however, a special chip with a wireless module is hidden inside it (see "These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer").
It looks like an original cable and works the same. Even your computer will not notice any difference. Until I, the attacker, take control over it wirelessly.
Mike Grover in an interview with Motherboard
After the victim connects a smartphone to the computer via the fake cable, the hacker will be able to gain full access to the system. MG claims on his Twitter account that the cord works the same way with Windows, macOS and Linux, and can also be used to hack mobile devices. The cable is controlled through an application written by the hacker.
And Android owners should not fool themselves: the iPhone is not the only device at risk.
Apple cables are the hardest to modify. Therefore, if I managed to integrate the chips into them, then I can easily cope with other chargers.
A hacker can connect to a smartphone plugged into such a cable at a distance of 90 meters. But the modified cable can also be configured to connect to the nearest wireless network, so the distance can be effectively unlimited.
Mike Grover created a trial batch of cables called O.MG, which sold successfully at $200 apiece (see "Prototype O.MG Cable with early access"). Notably, according to MG's Twitter account, he assembled all of them by hand in his own kitchen. In the future, Grover intends to move to mass production and sell his cables for $100 to everyone.
Updated blog to answer the most common questions on #OMGCable: https://t.co/Zd8S5ckSEL
– Prototype owners can now apply to the private community.
– Those who want the production cables can sign up on @Hak5's site: https://t.co/mVYIMD3v7g
– _MG_ (@_MG_) August 12, 2019
Mike Grover is not the only one who thought of using fake USB cables for hacking. A year ago, Kevin Mitnick developed a similar device called USBHarpoon, which looks like a regular charging cord (see "USBHarpoon Is a BadUSB Attack with A Twist"). The principle of operation is the same.
Vincent Yiu, a colleague of Mitnick, showed how USBHarpoon works. He recharged his drone from a laptop through a compromised USB cable, and the cable immediately began executing the commands embedded in it on the computer.
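A defender can watch for the moment a "charging cable" announces itself to the computer as an input device. The sketch below is an added example, not code from the article or from the researchers it describes: it assumes the cable registers as a USB keyboard, as BadUSB-style devices do, and that the host is Linux. The log lines and vendor/product IDs are constructed placeholders.

```python
import re

# Constructed sample of Linux kernel log lines (not captured from a real system).
SAMPLE_LOG = """\
[  101.10] usb 1-2: new full-speed USB device number 7 using xhci_hcd
[  101.25] usb 1-2: New USB device found, idVendor=1111, idProduct=2222, bcdDevice= 1.00
[  101.31] hid-generic 0003:1111:2222.0004: input,hidraw2: USB HID v1.11 Keyboard [Example Cable] on usb-0000:00:14.0-2/input0
[  230.02] usb 1-4: new high-speed USB device number 8 using xhci_hcd
[  230.11] usb 1-4: New USB device found, idVendor=3333, idProduct=4444, bcdDevice= 2.00
[  230.20] usb-storage 1-4:1.0: USB Mass Storage device detected
[  300.40] usb 1-1: new low-speed USB device number 9 using xhci_hcd
[  300.52] usb 1-1: New USB device found, idVendor=5555, idProduct=6666, bcdDevice= 1.10
[  300.60] hid-generic 0003:5555:6666.0005: input,hidraw3: USB HID v1.10 Keyboard [Desk Keyboard] on usb-0000:00:14.0-1/input0
"""

# "New USB device found" gives the port and the vendor/product ID of an attach event.
FOUND = re.compile(
    r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
# hid-generic reports which of those devices registered a keyboard interface.
HID_KBD = re.compile(
    r"hid-generic \w{4}:([0-9A-Fa-f]{4}):([0-9A-Fa-f]{4})\.\w+: "
    r".*USB HID v[\d.]+ Keyboard \[(.*?)\]")

def unexpected_keyboards(log_text, known_keyboards):
    """Return (port, vid:pid, name) for each newly attached USB device that
    registers as a keyboard and is not in the allowlist of known keyboards."""
    attached = {}  # vid:pid -> port of the most recent attach event
    alerts = []
    for line in log_text.splitlines():
        m = FOUND.search(line)
        if m:
            attached[f"{m.group(2)}:{m.group(3)}".lower()] = m.group(1)
            continue
        m = HID_KBD.search(line)
        if m:
            dev_id = f"{m.group(1)}:{m.group(2)}".lower()
            if dev_id in attached and dev_id not in known_keyboards:
                alerts.append((attached[dev_id], dev_id, m.group(3)))
    return alerts

if __name__ == "__main__":
    # The desk keyboard is allowlisted; the cable that shows up as a keyboard is not.
    for port, dev_id, name in unexpected_keyboards(SAMPLE_LOG, {"5555:6666"}):
        print(f"ALERT: {dev_id} ({name}) on port {port} registered as a keyboard")
```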
Stories like this are not new. There is even a slang term for it: juice jacking, "squeezing juice" (see "Juice Jacking: Phone Charging"). You connect your phone via USB to a public charging station that a hacker has modified, and malicious code is transferred to your device.
Connecting to a public USB port is like finding a toothbrush on the side of the road and stuffing it into your mouth. You have no idea where this thing has been.
Caleb Barlow, vice president of X-Force Threat Intelligence at IBM Security
Back in 2011, at a DEF CON conference, Brian Markus, president of Aries Security, demonstrated a USB charging station that he and his colleagues had created (see "How Juice Jacking Works, and Why It's a Threat"). It stole users' personal data, contacts, correspondence, PIN codes, passwords and even intimate photos from the smartphones connected to it.
The prototype of this station then stood at DEF CON for three and a half days, and 360 unsuspecting visitors connected to it (see "Beware of Juice-Jacking"). There is nothing easier than installing the same thing in a hotel, supermarket or airport.
How to protect yourself
There are USB Condom adapters that are designed to protect devices from malware infection and data theft. However, Mike Grover demonstrated that they are not afraid of his cable.
#3 – BadUSB Cables wouldn't be complete without BadUSB Condoms.
Tempted to get a run of these made for the vendor area at the next security con. pic.twitter.com/Iq8HHSV7qG
– _MG_ (@_MG_) January 13, 2018
What to do?
Use only your own smartphone cable: the original one made by the device manufacturer.
If you need to recharge, plug into a wall outlet using a power adapter rather than into other gadgets via USB. Authentic8 expert Drew Paik claims that outlets are safe (see "Free charging stations can hack your phone, here's how to protect yourself").
Do not connect to public charging stations.
Follow these simple rules, and even if there is a hacker among your friends, he will not do anything to you.