Mishaal Rahman / Android Authority

TL;DR

Researchers have identified new methods to exploit backdoors into Android and iOS to steal data.
“Choicejacking” is an evolution of the infamous juice jacking technique and also uses a rigged USB charger or cable to initiate data theft on your mobile devices.
Choicejacking uses a combination of techniques to bypass existing juice jacking protection while faking user input to enable permissions illicitly.

Juice jacking is a decade-old technique where hackers can install spyware and gain access to your phone when you use a public charging point to juice up (hence, the name) the phone’s battery. Over the years, Google and Apple have enforced restrictions that prevent data transfer, especially when your phone is locked. Although these measures have been believed to suffice, researchers recently discovered they may not be enough, primarily in the face of more sophisticated attacks.

Researchers at TU Graz, Austria, recently identified a series of novel techniques that can bypass existing preventive restrictions and access data on anyone’s iPhone or Android device using the USB port. They have named the new technique “Choice-jacking,” a wordplay on the familiar technique of juice jacking. In the paper, researchers claim they were able to spoof user actions, such as actively switching from just charging to data transfer and allowing a prompt that enables an external system or device to access files and settings on your phone. The nature of the attack involves replicating user choices, which could have led to the naming.

Like juice jacking, choicejacking uses malicious chargers to initiate attacks on the users’ phones. Unlike connections to PCs, both Android and iOS allow direct access to wired accessories without explicit permission, which can be exploited for attacks.

On Android, specifically, the attacks work by exploiting permissions for peripherals, such as mice or keyboards, via AOAP (the Android Open Accessory Protocol). Attackers can then begin hijacking system input through ADB (the Android Debug Bridge), which can simulate user input and change the USB mode to allow data transfer. The attack then proceeds with a series of commands aimed at gaining complete control of the device and key access for further control.

On iOS, a rigged USB cable or charger can be used to trigger a connection event for a Bluetooth device. Although it may appear as a regular Bluetooth-based audio accessory to your iPhone, it could act as the machinery to secretly allow data transfer and gain access to specific files and photos. However, it cannot access the entire iOS system as it can on Android.

The team says it tested these attacks on eight top phone brands, including Xiaomi, Samsung, Google, and Apple. It notified these brands, and six out of eight have already patched, or are in the process of patching, the vulnerability.

Despite these fixes, the best defense against choicejacking would be to avoid using public chargers at all costs. If you’re traveling or anticipate your phone’s battery may not last through the duration that you are out, we suggest carrying your own solution. There are plenty of chargers or power banks that we recommend so you can avoid attacks like choicejacking and avoid getting malware on your phone, or worse, losing your personal data in the process. Other solutions, such as Android’s Lockdown mode, could be your saviors, but you would need to activate it manually every time you charge your phone with an unknown charger.
