A security researcher has warned people of charging their smartphones in public. Drew Paik from security firm Authentic8 recently told press that leaving phones in a public USB docking station could leave it vulnerable to exploit, allowing an attacker to make off with all the precious data on it.
Can you really leave yourself vulnerable by simply plugging your phone into a USB? Paik contends that much like plugging a phone into a computer to charge it, it is also possible to exchange data between the two devices. Another name for this is “Juice Jacking”. The rub is that in so many cases power and data are funnelled through the same connection.
This was shown off at last month's RSA security conference where visitors to Authentic8's stand were offered the use of a charging station. By the time it got to presentation, over 80 percent of the audience had taken advantage of this dubious offer.
Others have warned of the possibility of not just stealing data, but injecting malicious code directly into the device.
In 2013, Billy Lau, Yeongjin Jang and Chengyu Song showed a Black Hat audience one way to do this. Using cheap, readily available materials, the three security researchers built a proof of concept malicious charger which they called Mactans. By exploiting a vulnerability in iOS devices, the researchers easily gained access to iOS devices in a matter of seconds.
Paik's statement reached a wide audience, with even left wing news outlet, the Young Turks covering the warning.
Paik says that Instead of being tempted by the offering of public charge point, users should get used to carrying around their own chargers or portable batteries.