When you purchase through links on our site, we may earn an affiliate commission. This doesn’t affect our editorial independence.
Choicejacking is an emerging threat in which a harmful device camouflaged as a charging station hijacks a victim’s smartphone and causes it to verify, without the victim’s agreement or approval, that they wish to link in data-transfer mode. This implies allowing the disguised charging station to access the phone’s information, such as photos, documents, and contacts.
Even though smartphone and tablet makers have implemented protections against Choicejacking, an incident in which harmful chargers affect linked mobile devices, cybercriminals have discovered methods to circumvent these defences. Innovative methods to bypass smartphone security measures incentivise users to avoid public phone chargers.
“Choicejacking poses significant risks as it forces a device into making choices that users did not mean to make, often without their awareness,” states cybersecurity expert Adrianus Warmenhoven from NordVPN. “These attacks take advantage of our trust in our daily dealings with smartphones, whether by providing access to data or facilitating malware downloads.”
Choicejacking: An Emerging Threat
The threat of Choicejacking first emerged in 2011, prompting OS (operating system) developers to introduce a safeguard. When a smartphone links to a device that supports Media Transfer Protocol (MTP) or Picture Transfer Protocol (PTP), effectively a hacker’s computer masquerading as a charging port, it prompts the user to choose whether to permit data transfer or solely charge the device. Nonetheless, cyber criminals have found a way to circumvent it.
Harmful charging stations can hijack smartphones by mimicking USB or Bluetooth input devices to secretly activate data transfer modes. These methods span from keystroke injection and input buffer to protocol exploitation, impacting Android and iOS (in certain situations). The assault can be executed in just 133 milliseconds, quicker than a human blink, rendering it nearly impossible to detect.
“Choicejacking is a perilous advancement in threats related to public charging.” “Using one misleading prompt, attackers can fool people to activate data transfer, risking the exposure of personal documents and sensitive information,” states Adrianus Warmenhoven. “Public USB ports must never be considered secure, and vigilance is the main safeguard,” he noted.
Check Out Previous Posts on this Site
6 Cool Accessories that You Can Plug into Your Phone’s Charging Port
How to Prevent Choicejacking
- Maintain smartphone applications and keep them updated with the latest security updates.
- Consistently keep your phone’s battery above 10%. This is essential to lessen the frequency of emergency charging.
- Always use a portable power bank. Consider this the most secure and convenient choice.
- Use a wall outlet with your USB charger and cord if possible. Avoid USB ports at public charging stations, such as hotels or airports.
- Activate “Charge only” on Android devices if available. This provides additional protection.