'Video jacking' attack allows attacker to see what you see
If docking a phone at unfamiliar charging stations wasn't iffy enough, a “video-jacking” attack by Aries Security researchers highlights yet another attack vector to consider.
Similar to “juice jacking,” the attack can be carried out using roughly US $220 (£170) worth of equipment hidden inside what appears to be the charging station to essentially see everything a user sees, taps and does with their device including seeing a user's password entered when they unlock their screen, according to an 11 August Krebs On Security blog post.
Some devices may briefly flash something similar to “HDMI Connected” but most will display no warning at all, researchers said in the post. Several Androids, iPhones and other HDMI-ready smartphones manufactured by Asus, BlackBerry, HTC, LG, Samsun and ZTE are susceptible to the attack.
Users are advised to disable screen mirroring if possible but even that might not prevent the attack.