As you frantically scoop up some power from a free charging station before your flight, you could unwittingly be letting a hacker record everything on your smartphone’s screen.
Researchers at the DEF CON security conference in Las Vegas recently demonstrated a new technique that can hide special snooping gear inside one of those ubiquitous charging stations.
It may look like a normal place to get a battery boost — but the USB cord has been rigged to capture the phone’s video display and record everything that appears on the screen, the cybersecurity experts showed.
That includes your device PIN, bank passwords, and personal emails and texts.
The proof of concept was designed to highlight a vulnerability where HDMI-ready smartphones, like the iPhone and most Android devices, automatically allow the video signal to be sent out without any warning to or requiring any action from the user.
Device makers Apple, HTC and LG weren’t immediately available for comment.
“Awareness is key,” said Brian Markus, CEO of Aries Security, the firm that conducted the research. “People should be aware that plugging in their phone to a connection of even a friend of theirs could be dangerous because they don’t know if their friend[‘s phone] has an infection or has had their device tampered with.”
Security writer Brian Krebs wrote that the threat from video jacking was “interesting” and “very real,” but acknowledged that the practice “doesn’t strike me as very likely that most mere mortals would have reason to worry.”
Rather than use any of the charging kiosks popping up all over the place, Krebs recommends investing in your own portable charger or plugging in to the wall.
“You’ll never go wrong if you plug in to the power,” he said. “So far.”
