Mobile charging points could leave phones vulnerable to hacking

We've all been caught out with low battery in public – just at a time when we really need to make an important phone call or let our friends know where we are. 

It's because of this that public charging points have been a boon – simply plugging your handset into a shared computer in a public library or at an airport can be a life-saver. 

However, by doing this you could be running a bigger risk than you might think, as a new report from Kaspersky Labs has indicated that smartphones are more vulnerable to being compromised at a freely available charging station. 

Researchers for the organisation investigated how much – and what – data is exchanged between devices at these stations by testing a range of – smartphones on various versions of Android and iOS mobile operating systems. 

It was revealed that smartphones display a whole host of data to the computer terminal during the handshake, which is the process of introduction between the handset and the computer it is connected to. 

Among the data revealed was the name of the device, its manufacturer and type, serial number, firmware information, operating system information, file system, electronic chip ID and a list of files. The quantity of data shared depends on the device and the host, but every smartphone was found to transfer the same basic level of information. 

Security is therefore an issue – although an indirect one. Given that smartphones generally accompany their owner at all times, it can act as a unique identifier to unscrupulous third parties who wish to collect data for subsequent use. 

The Kaspersky Lab researchers were able to silently install a root application on a test smartphone and totally compromise its security – even though no malware was used. Just a regular desktop computer and a standard micro USB cable were required. 

Alexey Komarov, researcher at Kaspersky Lab, expressed surprise at the fact that smartphones can still be compromised in this fashion – even though this was discovered some time ago. 

“It is strange to see that nearly two years after the publication of a proof-of-concept demonstrating how a smartphone can be infected through the USB, the concept still works,” he commented. 

“The security risks here are obvious: if you're a regular user you can be tracked through your device IDs; your phone could be silently packed with anything from adware to ransomware; and, if you're a decision-maker in a big company, you could easily become the target of professional hackers,” he continued. 

“And you don't even have to be highly-skilled in order to perform such attacks, all the information you need can easily be found on the internet.”

Written by Mazuma

Mazuma Mobile is Australia's most trusted mobile phone recycling service.

Leave a Reply

Your email address will not be published. Required fields are marked *