Jailbroken idevices pwned by charging stations

Powered by SC Magazine
 

USB mode silently comes to life.

Data can be stolen from Windows, Android and Apple devices by unassuming power charging towers.

In an attack demonstrated at the Defcon hacking conference, mobile phone charging units were rigged to pull data from phones plugged into them.

They were laced with different power charging adaptors to make them more appealing.

Some stock phones were safe since they deactivated USB mode when they were powered off, but others were not so lucky.

Many jailbroken and modified devices activated USB functions when  they were plugged in, or simply rebooted.

That gave security researchers Brian Markus, Joseph Mlodzianowski and Robert Rowley the access they needed to pull data, though they instead served victims with a warning.

“If the phone died due to lack of power, in most cases the phone would boot up upon
plugging it in, then expose the data,” Marcus said.

Three hundred and sixty four people fell for the trick. Each was served with a message that warned of the dangers of using public power charging stations.

The researchers were still crunching over the findings, however Markus said specifications that may mean USB modes were silently actived included the platform and version of operating system and root kits and jailbreaks used, whether custom systems like Android ROMs were used, and the drivers loaded on the host.

Markus said the team was to his knowlegde the first to expose the threat, but said he was suspcious “of certain power kiosks”.

“Our goal is to promote security awareness.  While we do have several other variants of this demo that shows what could happen, we demo them in a responsible way.”

Copyright © SC Magazine, Australia


Jailbroken idevices pwned by charging stations
 
 
 
Top Stories
 
 
IAG hands digital chief his own ‘Labs’ division
Enterprise ops chief squeezed out in restructure.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
The 5 Windows 10 privacy issues you should be aware of
Jul 31, 2015
There are a few unsettling details when it comes to Windows 10 privacy
Windows 10 is here! (For some)
Jul 29, 2015
Delivery of the free upgrade versions of Windows 10 began today - have you got yours yet?
Microsoft reveals Microsoft Send, a new enterprise chat app to rival Slack
Jul 27, 2015
Microsoft Send is MSN Messenger for grownups, and you could be using it at work very soon
Developers offered $500,000 grants to find HoloLens uses
Jul 8, 2015
Can augmented-reality end up in business?
Microsoft Tossup: The planning app for unorganised groups of friends
Jul 8, 2015
App allows friends to research venues, vote on plans and chat. And depending on how you run your ...
Latest Comments
Polls
Should law enforcement be able to buy and use exploits?



   |   View results
Yes
  14%
 
No
  51%
 
Only in special circumstances
  17%
 
Yes, but with more transparency
  18%
TOTAL VOTES: 826

Vote