For a long time, smartphones have had a built-in feature that saves us against unauthorized access through USB. In Android and iOS, pop-ups ask us to confirm access before a data USB connection is established to transfer our data.
But this defense is not enough to protect against “juice-jacking” — a hacking technique that manipulates charging stations to install malicious code, steal data, or enable access to the device while plugged in. Experts have found a severe flaw in this system that hackers can exploit easily.
Cybersecurity researchers have discovered a serious loophole in this system that can be easily exploited.
Hackers using new technique to hack smartphones via USB
According to experts, hackers can now use a new method called “choice jacking” to make sure that access to smartphones is easily verified without the user realizing it.
First, the hackers deploy a feature on a charging station so that it looks like a USB keyboard when connected. After that, through USB Power Delivery, it runs a “USB PD Data Role Swap” to make a Bluetooth connection, activating the file transfer consent pop-up, and approving permission while acting as a Bluetooth keyboard.
The hackers leverage the charging station to evade the protection mechanism on the device, which is aimed at protecting users against hacking attacks with USB pe
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.