Charging Phones In Public Is A Security Risk

Mobile users have been warned that charging up their smartphones or tablets using public power sockets could expose their devices to criminals.

An investigation from Kaspersky Lab found that smartphones can even be compromised when charged using a standard USB connection connected to a computer.

Information including a device’s serial number, electronic chip ID and file system list can be revealed to third parties when such a service is used, meaning users could be unknowingly identified and even tracked.

At risk

Researchers said both Android and iOS devices could be compromised when connected to a PC to charge, with the latter acting as an unwitting window into the user’s information.

Most of the data is transmitted during the handshake’ (a process of introduction between the device and the PC/Mac it is connected to), which can also include the device’s name, manufacturer and type.

In its investigation, the Kaspersky Lab team was able to show off the damaging effects a connection could bring, as they were able to re-flash a smartphone and silently install a root application on it, creating what they called “a total compromise” of the device.

“It is strange to see that nearly two years after the publication of a proof-of-concept demonstrating how a smartphone can be infected though the USB, the concept still works,” said Alexey Komarov, researcher at Kaspersky Lab.

“The security risks here are obvious: if you’re a regular user you can be tracked through your device IDs; your phone could be silently packed with anything from adware to ransomware; and, if you’re a decision-maker in a big company, you could easily become the target of professional hackers,.

“And you don’t even have to be highly-skilled in order to perform such attacks, all the information you need can easily be found on the Internet.”

The company is advising users to only trusted USB charging points and computers to charge a device, as well as setting up a password or fingerprint log-in using encryption technologies.

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

View Comments

  • The article seems to concentrate on the device being compromised when connected to a computer and only seems to hint that a USB charger plugged into a power socket can also act as an input to your phone. Please clarify.

Recent Posts

Google Ordered To Pay $43m By Australian Court

Search engine Google fined $43 million by Australian court for tracking Android users location data…

2 days ago

Hacker Touts Data Sale Of 48.5m Users Of Covid App – Report

Personal data of 48.5 million Chinese citizens who used Shanghai's Covid App, is being offered…

2 days ago

Facebook Tests Default End-to-End Encryption For Messenger

Privacy move. Platform tests secure storage of people's chats on Messenger, in a move sure…

2 days ago

UK’s CMA Begins Probe Of Viasat Acquisition Of Inmarsat

British competition regulator the CMA, begins phase one investigation of $7.3 billion merger between Inmarsat…

3 days ago

Cisco Admits ‘Security Incident’ After Breach Of Corporate Network

Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…

3 days ago

Google Seeks To Shame Apple Over RCS Refusal

Good luck convincing Tim. Google begins publicity campaign to pressure Aple into adopting the cross…

3 days ago