Video Jacking: Major Smartphones Vulnerable to Hacking Threat

Major smartphones – the iPhone, Samsung Galaxy phones and Google’s Nexus phones – are vulnerable to the hacking threat called “video jacking”, when plugged into public charging stations, this according to cyber security company Aries Security.

“From the moment that you plug in that cable to the moment that you unplug, that cable is exposed and recorded,” Brian Markus, CEO of Aries Security, told CNBC.

The CEO of Aries Security describes video jacking this way, “When you connect to your contacts, all of that is recorded. If you do an e-mail or a text, everything on the screen is 100 percent recorded.”

How does video jacking work?

According to Markus, video jacking happens when an iPhone, Samsung Galaxy phone or Google phone is charged in a rigged public charging station. Hackers, he said, can compromise a public charging station by attaching an HDMI cable.

An HDMI cable is a widely available smartphone accessory that allows images from a phone to be projected onto a TV screen.

Once a smartphone is plugged into a charging station with a hidden HDMI cable, hackers could secretly record a video and record everything you do on your phone.

With the HDMI cable, Markus said, “There’s no security prompting asking the user if they’re sure that they want to allow this to go out.”

Dangers of Using Public Charging Stations

In May this year, cyber security company Kaspersky Lab warned about the dangers of charging mobile phones in public charging stations.

“Smartphones can be compromised when charged using a standard USB connection…,” Kaspersky said in a statement.

In the blog post entitled “Charging your smartphone’s battery over USB can be dangerous,” Kaspersky researcher Alexey Komarov wrote, “USB ports were designed not just to provide charge, but also to transfer data. So whenever a mobile device is connected to a USB port, it attempts a handshake, during which it transmits some data.”

He added, “On average, it takes more than 100 kilobytes of data just to tell the host system about the phone’s files and folders — for reference, that’s about the size of Alice in Wonderland e-book.”

In a 2013 paper called “Mactans: Injecting Malware into iOS Devices via Malicious Chargers,” researchers led by Billy Lau found that iOS devices can be compromised in just one minute after being plugged into a malicious charger.

To demonstrate the vulnerability of iOS devices, Lau and his associates built a malicious charger called Mactans, using a BeagleBoard.

“While Mactans was built with a limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish,” Lau and his associates wrote.

In another paper called “Charge Your Device with the Latest Malware” published in 2014, researchers led by André Pereira highlighted the dangers of Android smartphones of physical attacks using the USB.

Mobile phone attacks through USB can be accomplished through the use of public fake charging stations, Pereira and his associates wrote. They added, “USB connection is a threat that should not be overlooked.”

So the next time you are on the road and your mobile phone battery is slowly dying on you, do not be tempted to charge into that nearest public charging station.

To prevent possible attacks through unknown charging points, Kaspersky advises smartphone users to exercise the following:
• Use only trusted USB charging points
• Protect your mobile phone with a password, or with another method such as fingerprint authentication, and never unlock it while charging
• Use encryption technologies and secure containers

Better yet, bring your own charger. This way, you are sure that you are out of harm’s way.

Image from iStock/xrrr.