Charge Your Cell Phone, Get Malware?
Most of us have been in an airport or other similar public place and seen the free charging kiosks.
And, I'll venture to bet that most of us have used 'em, too.
Looks like the bad guys aren't running out of ideas on ways to get at you and your data, and now it looks like the free ride at the charging kiosk is over since the bad guys can start moving in there, too.
That's what Brian Markus (president of Aires Security) and his colleagues (researchers Joseph Mlodzianowski and Robert Rowley) showed when they built a charging kiosk at the 2011 DefCon hackers convention in Las Vegas.
As crazy as it sounds, charging your smart phone at a free charging kiosk can leave it exposed to data theft or even malware installation.
Brian Krebs always fantastic security blog, Krebs on Security, has a piece called Beware of Juice Jacking that goes into detail about how even some phones with settings to disable USB transfer don't do so reliably enough to be trusted.
'One attendee claimed his phone had USB transfer off and he would be fine. When he plugged in, it instantly went into USB transfer mode,' Markus recalls. 'He then sheepishly said, `Guess that setting doesn’t work.`'
Given that we haven't had any opportunities to test smart phone antivirus software against these types of threats, we can't say if the current batch of antivirus software for phones would be enough to prevent these types of attacks. Given what we've seen from VIPRE Mobile (the version of VIPRE Antivirus for Android Mobile phones), we expect it would.
Regardless, it's clearly safest to avoid these kiosks for charging your phone, and as the piece says,
If you must use a random charging kiosk, the safest option may be to completely power off the device before plugging it in.
'One thing we discovered: On certain devices, if you power them completely off, then charge them, they don’t expose the data,' Markus said.
The comments to this entry are closed.