In recent years, smartphones have incorporated a built-in feature aimed at safeguarding against unauthorized access through USB connections. Both iOS and Android systems present users with pop-up notifications requiring confirmation when a data USB connection is initiated, thereby attempting to prevent potential breaches. However, this form of security, which addresses the risk of “juice jacking”—a technique where thieves manipulate charging stations to inject harmful code or steal data—has proven to be vulnerable.
Cybersecurity researchers have identified a significant flaw that could easily be exploited by attackers. To manipulate the system, cybercriminals can modify a charging station to appear as a USB keyboard. Utilizing a feature known as USB Power Delivery, attackers execute a “USB PD Data Role Swap” to establish a Bluetooth connection and trigger the file transfer consent prompt.
Acting as a Bluetooth keyboard, they can approve consent, effectively circumventing the built-in security measures. This breach poses a serious threat, potentially allowing hackers access to personal data and files stored on the smartphone, which could lead to account takeovers. Research from Graz University of Technology tested this exploitation method across various smartphone brands, such as Samsung and Apple.
Alarmingly, all the devices allowed data transfer as long as the screen was unlocked. Currently, there is no universal solution for preventing such attacks. While Apple and Google have implemented a method requiring users to input a PIN or password before consenting to connect a device, many other manufacturers have not adopted similar protective measures.
Devices with USB debugging enabled are particularly vulnerable, as this feature can permit attackers to access the system through the Android Debug Bridge. To protect against choice jacking while using USB charging stations, the best strategy is to avoid public charging areas altogether. High-traffic locations, such as airports, present the greatest risk.
Instead, consider using a personal power bank during travels and ensure that your smartphone regularly receives the latest security updates.