Never use someone else's charger for your smartphone. Your data can steal
Technologies / / December 19, 2019
What is the danger
Times when smartphones and tablets have separate connectors for the charger and data transmission, a long time passed. Now all the gadgets are charged via the USB-cable to transmit both information and energy. It is comfortable and practical, but this situation opens up new possibilities kibervzlomschikam.
At the annual conference DEF CON cracker named Mike Grover, known under the pseudonym of the MG, showed he created a fake Apple Lightning Cable for iPhone. In appearance it is not distinguished from the ordinary, but hidden insideThese Legit-Looking iPhone Lightning Cables Will Hijack Your Computer special chip with a wireless communication module.
Mike Grover in an interview MotherboardHe looks like the original cable, and works the same way. Even your computer will not notice any difference. While I, the attacker does not take control of it by wireless communication.
After the victim connect your smartphone to your computer through a fake cable, an attacker can gain full access to the system. MG claims
Twitter-Account MGThat the same cable works with the Windows, MacOS and LinuxAnd it can also be used for hacking mobile devices. Manage such a gadget is available with an application written by a hacker.And let Android owners make no mistake: at stake is not only the iPhone.
Mike GroverCables Apple modified the hardest. Therefore, if I was able to build chips in them, then I easily cope with other chargers.
A hacker can connect to smartphones, which have thrust such a cable, at a distance of 90 meters. But a modified arrangement can be set up and so that it connects to the nearest wireless network, so that the distance may even be unlimited.
Mike Grover created a test cables party called O.MG, which he successfully soldPrototype O.MG Cable with early access $ 200 apiece. It is noteworthy that all of them he gatheredTwitter-Account MG your own kitchen is literally at the knee. In the future, Grover intends to put the production on stream and sell their cables for $ 100 to all comers.
Updated blog to answer the most common questions on #OMGCable: https://t.co/Zd8S5ckSEL
Highlights:
- Prototype owners can now apply to the private community.
- Those who want the production cables can sign up on @ Hak5'S site: https://t.co/mVYIMD3v7g- _MG_ (@_MG_) August 12, 2019
Mike Grover is not the only one who thought to use to crack fake USB-cable. A year ago, Kevin Mitnick has developedUSBHarpoon Is a BadUSB Attack with A Twist similar device called USBHarpoon, looking like a normal charging cord. The principle of operation it is the same.
Vincent Yu, a colleague Mitnick showed how the USBHarpoon. He recharged his drone from a laptop via USB-cable is compromised, and he immediately began to perform on the computer incorporated in the team there.
Such stories are not new. Hackers even there was a slang expression Juice Jacking - «squeezing the juice." you connectJuice Jacking: Phone Charging your phone via USB to a public charging stations, modified by a hacker, and your device is transferred to the malicious code.
Caleb Barlow, Vice President of X-Force Threat Intelligence to the IBM SecurityConnect to a shared USB-port - it's like to find a toothbrush on the side of the road and stick it in his mouth. You have no idea where this thing is visited.
Back in 2011 at the conference DEF CON Brian Marcus, president of Aires Security, demonstratedHow Juice Jacking Works, and Why It's a Threat USB-charging station created by him and his colleagues. She stole a connect to her smartphone users' personal data, contacts, correspondence, PINs, passwords, and even intimate photos.
The prototype of this station then stoodBeware of Juice-Jacking at DEF CON three and a half days, and 360 unsuspecting visitors to connect to it. There is nothing easier than to establish a similar contraption in a hotel, supermarket or airport.
How to protect yourself
There are adapters USB Condom, which are designed to protect devices from malware infection and data theft. But Mike Grover showed that the cables are not afraid.
# 3 - BadUSB Cables would not be complete without BadUSB Condoms.
Tempted to get a run of these made for the vendor area at the next security con. pic.twitter.com/Iq8HHSV7qG
- _MG_ (@_MG_) January 13, 2018
What to do?
- Use only your cable from your smartphone. Original created by the device manufacturer.
- If you need to recharge, not connect to other gadgets via USB, and an outlet with a special adapter. Specialist of claims Authentic8 Drew PikeFree charging stations can hack your phone, here's how to protect yourselfThat they are exactly safe.
- Do not connect to a public charging station.
By following these simple rules, and even if among your acquaintances wormed hacker, he will not do anything.
see also🧐
- How to check the Chrome extension for safety and find a more secure alternative
- How to stay safe using a public Wi-Fi
- 5 iOS 12 opportunities for personal data protection and safety