“ChoiceJacking” Attack Lets Malicious Chargers Steal Data
ChoiceJacking is an advanced attack that bypasses long-standing USB security measures and can extract sensitive data such as photos, documents, and app files, often without any user interaction. This silent data theft is carried out through seemingly harmless charging stations.
It is a major evolution of the infamous “juice jacking” threat, which is being prevented by security prompts for USB data that warn users when a connection could transfer data, not just charge.
However, ChoiceJacking breaks through those protections by exploiting flaws in how mobile operating systems handle USB interactions. It allows a malicious charging station to act autonomously, tricking the device into giving up access without any user consent or visible sign of intrusion.
Real-World Threat at Public Charging Stations
The most likely place to encounter ChoiceJacking? Public charging stations such as the ones found at airports, cafes, hotels, and transport hubs. These are often used when people are distracted and less likely to notice on-screen prompts, making them ideal attack vectors. Tech giants are now moving quickly to mitigate the threat.
How to Protect Yourself
Security professionals are urging users to avoid public USB ports and instead:
- Use personal wall adapters or portable battery packs.
- Keep all devices updated with the latest security patches.
- Invest in USB data blockers, which are simple devices that allow charging without enabling data transfer.
This discovery is a wake-up call. Even with modern security prompts, sophisticated attackers can still find ways in. As mobile threats evolve, so must our defenses. Learn more about how to protect yourself with our Security Awareness Training.