For some years now, smartphones have had a built-in feature that protects against unauthorized access via USB. In iOS and Android, you get pop-ups that ask for confirmation when a data USB connection is established before you can actually start transferring data.
However, this guard against “juice jacking”—a hacking method in which charging stations are manipulated to inject malicious code, steal information, or allow access to the device when plugged in—is apparently not as secure as expected.
Cybersecurity researchers have discovered a serious loophole in this system that can be easily exploited.
A new way to hack smartphones via USB
As Ars Technica reports, attackers can use a new method called “choice jacking” to ensure that access to smartphones is easily authorized without the user being aware of it.
To do this, attackers first install a feature on a charging station so that it actually appears as a USB keyboard when connected. Then, via USB Power Delivery, it executes a “USB PD Data Role Swap” to establish a Bluetooth connection, trigger the file transfer consent pop-up, and approve consent while acting as a Bluetooth keyboard.
The charging station can therefore be used to bypass the protection mechanism on the device, which is actually intended to protect against hack attacks with USB peripherals. In the worst case scenario, hackers could gain access to all files and personal data stored on your smartphone in order to take over accounts.
The researchers at Graz University of Technology tested this method on devices from various manufacturers, including Samsung, who sells the most smartphones alongside Apple. All tested devices allowed data transfer as long as the screen was unlocked.
No real solution available for most devices
Although smartphone manufacturers are aware of the problem, there still isn’t sufficient protection against choice jacking. Only Apple and Google have implemented a solution, which involves users first entering their PIN or password before they can add a device as a trusted source and start the data transfer. However, other manufacturers have not implemented sufficient protection against such attacks yet.
If your device has USB debugging enabled, it’s especially at risk because USB debugging can allow attackers to gain access to the system via the Android Debug Bridge and install their own applications, execute files, and generally use a higher access mode.
How to protect yourself
The easiest way to protect yourself from choice jacking attacks via USB charging stations is, of course, to never use a public charging station or any charging station that isn’t your own. USB charging stations in high-traffic areas—like airports—are especially dangerous.
It’s better to use your own power bank when traveling and make sure that your smartphone is always up-to-date with the latest security updates.
Further reading: Your USB cable could be hiding hacker hardware
Login to add comment
Other posts in this group
For a decade or so, a major threat to your laptop wasn’t a virus, mal
Far be it from me to engage in a little schadenfreude… Actually, no.
During the first quarter of 2025, the total number of DDoS attacks in
One of the best ways to sync your smart lights with the images on you
Roku is best known for its streaming boxes and sticks, but it also of
Intel said Tuesday that the company’s Arizona fab has run the first l
