Choicejacking: Researchers circumvent USB lock on Android and iOS

Although a lot of data now travels wirelessly into the cloud, smartphone users still frequently plug their devices into a charger, car or laptop via USB. Security researchers have succeeded, using a multi-stage trick, in exploiting these connections to access data on the devices, even though this was supposed to have been impossible for more than a decade. Florian Draschbacher and Lukas Maar of TU Graz found a loophole in the USB implementations of Android and iOS.

Chargers that not only deliver power but also siphon off data or even plant malware: that scenario is what the "juice jacking" attack method describes. As early as 2011, security journalist Brian Krebs coined the catchy name for a technique that a group of security researchers had demonstrated with public charging kiosks at the DEF CON 19 hacker conference. Anyone who plugged their smartphone in there was greeted by a warning message on their screen.

Apple and Google responded with several countermeasures, above all warning messages and confirmation dialogs when a new USB device is connected for the first time. The manufacturers also patched security vulnerabilities in their mobile operating systems to thwart malware spread via juice jacking.

However, the new variant, dubbed "ChoiceJacking" by its Austrian discoverers, can partially defeat these countermeasures. The Graz researchers achieve this with a second input channel, namely a spoofed Bluetooth input device. As the doctoral students found out, iOS and Android do not let a freshly connected USB device read data, but they do let it act as an input device and operate the phone.

Draschbacher and Maar exploited this to establish a Bluetooth connection to their prepared input device. That device then turned the tables and confirmed a USB data-access prompt, all within a fraction of a second. Hence the name: the choice the user is supposed to make about whether to allow certain device connections is "hijacked" by the attack. This is made possible by USB PD (Power Delivery), which allows a manipulated peripheral and the host device to swap roles.

The procedure does not always work without the victim's involvement, though: the smartphone's screen must not be locked, and the trick does not work on devices in the "Before First Unlock" (BFU) state. But, the Austrians point out, anyone who plugs into a charging terminal is typically using the device while it charges and has no chance of even seeing the popup, which in tests was displayed for only seven hundredths of a second, let alone stopping it.

The Graz researchers found further attack scenarios that let them attack not only Apple's and Google's own devices but also those from Samsung, Xiaomi and Huawei. Some of these are still vulnerable to ChoiceJacking because they have not yet received updates to patched Android versions. Moreover, not all of the attacks are fixed in Android 15; Google will probably close some of them only in the successor version.

iOS 18.4 also closes the holes in Apple's USB implementation, and juice jacking along with them, by means of an additional security prompt: users now have to unlock the device with a PIN or biometrics if they want to connect USB devices and allow data transfer. This is also the reason for the hesitant rollout of security patches, says Draschbacher: "The reason for this sluggish reaction is probably that it is not simply a programming error. Rather, the problem lies deeper, in the USB trust model of the mobile operating systems." Anyone who wants to protect themselves in the meantime can reach for a USB data blocker, an adapter plug that interrupts the data lines, as is also sold in the heise shop.
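To make the trust-model problem Draschbacher describes tangible, here is a small simulation, added to this article as an illustration; it is not code from the TU Graz researchers, Apple or Google. It encodes only the rules the article states (a newly attached USB device may not read data but may act as an input device; USB PD lets it swap into the host role, which raises a data-access prompt; a spoofed Bluetooth input device confirms that prompt within its short display window) and then applies an iOS 18.4-style policy that demands a PIN or biometric before data access is granted. The device names, the keystroke tokens, the PIN and the 70 ms window are constructed assumptions.

```python
"""Toy model of the mobile-OS USB trust model that ChoiceJacking abuses.

Constructed simulation for illustration, not the researchers' or vendors'
code. Keystroke "commands" such as PAIR:<name> stand in for the real HID key
sequences an attacker would type to navigate the Bluetooth settings.
"""
from dataclasses import dataclass, field
from typing import Optional

PROMPT_VISIBLE_MS = 70  # assumption: popup shown for ~7/100 s, as in the article's tests


@dataclass
class Device:
    name: str
    transport: str            # "usb" or "bt"
    role: str = "peripheral"  # usb only: "peripheral" or "host"


@dataclass
class Phone:
    screen_unlocked: bool = True
    before_first_unlock: bool = False
    require_auth_for_data: bool = False  # iOS 18.4-style policy, modelled as a flag
    pin: str = "4821"                    # constructed secret the attacker does not know
    usb: Optional[Device] = None
    paired_bt: set = field(default_factory=set)
    pending_prompt_from: Optional[Device] = None
    data_access_granted: bool = False
    log: list = field(default_factory=list)

    def attach_usb(self, dev: Device) -> None:
        # Old trust model: no data for a new device, but its input is accepted.
        self.usb = dev
        dev.role = "peripheral"
        self.log.append(f"usb attach {dev.name}: data read DENIED, input ALLOWED")

    def accepts_input_from(self, src: Device) -> bool:
        if not self.screen_unlocked or self.before_first_unlock:
            return False  # preconditions from the article
        if src.transport == "usb":
            return src is self.usb and src.role == "peripheral"  # a host cannot type
        return src.name in self.paired_bt

    def inject_keys(self, src: Device, keys: list) -> bool:
        if not self.accepts_input_from(src):
            self.log.append(f"keys from {src.name} ignored")
            return False
        for k in keys:
            if k.startswith("PAIR:"):  # attacker pairs its own Bluetooth "keyboard"
                self.paired_bt.add(k[5:])
                self.log.append(f"bluetooth paired {k[5:]} via keystrokes from {src.name}")
        return True

    def pd_data_role_swap(self, dev: Device) -> bool:
        # USB PD lets the peripheral become the host, which triggers the prompt.
        if dev is not self.usb:
            return False
        dev.role = "host"
        self.pending_prompt_from = dev
        self.log.append(f"{dev.name} is now USB host; 'Allow data access?' shown for {PROMPT_VISIBLE_MS} ms")
        return True

    def confirm_prompt(self, src: Device, elapsed_ms: int, pin: Optional[str] = None) -> bool:
        if self.pending_prompt_from is None or elapsed_ms > PROMPT_VISIBLE_MS:
            return False  # nothing to confirm, or the popup has already vanished
        if not self.accepts_input_from(src):
            return False
        if self.require_auth_for_data and pin != self.pin:
            self.log.append(f"confirmation from {src.name} rejected: no valid PIN/biometric")
            return False
        self.data_access_granted = True
        self.pending_prompt_from = None
        self.log.append(f"data access granted to {self.usb.name}, confirmed by {src.name}")
        return True


def choicejacking(phone: Phone, pin_guess: Optional[str] = None) -> bool:
    """Run the four steps from the article against `phone`; True if data access is obtained."""
    charger = Device("malicious charger", "usb")
    bt_kbd = Device("spoofed BT keyboard", "bt")
    phone.attach_usb(charger)
    phone.inject_keys(charger, ["OPEN_BT_SETTINGS", f"PAIR:{bt_kbd.name}"])
    phone.pd_data_role_swap(charger)
    return phone.confirm_prompt(bt_kbd, elapsed_ms=5, pin=pin_guess)


if __name__ == "__main__":
    for label, phone in [("old trust model", Phone()),
                         ("locked screen", Phone(screen_unlocked=False)),
                         ("PIN/biometric required", Phone(require_auth_for_data=True))]:
        print(f"{label}: attack succeeded = {choicejacking(phone)}")
        print("\n".join("  " + line for line in phone.log))
```

The point of the model is that nothing in the old policy ties the right to confirm the prompt to a human: any accepted input channel will do, and the attacker controls two of them. Requiring the PIN moves the decision to a secret the charger does not have, which is why the fix is a policy change rather than a one-line bug fix.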
