The next time your phone battery is in desperate need of a charge, you may want to opt for an old-fashioned wall plug instead of a USB cord. A Kaspersky Lab study found that charging smartphones via a laptop increases a person's vulnerability to hackers.
Curious to determine the data that smartphones transfer externally while being connected to a PC or Mac for charging, experts at Kaspersky tested a number of phones running on various versions of Android and iOS operating systems.
Following their research, the experts concluded that “a whole litany” of data is transferred during the “handshake” between the two devices. That is, the introduction process between the device and the laptop it is connected to.
During that time, the phone shares the device name, manufacturer, type, serial number, firmware information, operating system information, file system/file list, and the electronic chip ID.
“The amount of data sent during the handshake varies depending on the device and the host, but each smartphone transfers the same basic set of information...” Kaspersky Lab wrote in a Thursday statement.
Kaspersky went on to note that the situation is an “indirect” security issue.
“Now that smartphones almost always accompany their owner, the device serves as a unique identifier for any third party who might be interested in collecting such data for some subsequent use. But it wouldn’t be a problem if collecting a few unique identifiers was all that an attacker could do with a device connected to an unknown computer or charging device,” it wrote.
Laptops aren't the only dangerous concern for smartphone users, according to Kaspersky.
Citing a concept that a cell phone could be infected with malware by plugging it into a fake charging station – originally presented at Black Hat Europe conference in 2014 – Kaspersky said that such infections were indeed possible. A fake charging station will simply flash a compromised boot rather than charge the device, Guru reported at the time.
“Using just a regular PC and a standard micro USB cable, armed with a set of special commands (so-called AT-commands), [Kaspersky experts] were able to re-flash a smartphone and silently install a root application on it. This amounts to a total compromise of the smartphone, even though no malware was used,” Kaspersky wrote.
In conclusion, Kaspersky researcher Alexey Komarov said it was “strange to see that nearly two years after the publication of a proof-of-concept demonstrating how a smartphone can be infected though the USB, the concept still works.” He added that “you don't even have to be highly-skilled in order to perform such attacks, all the information you ned can easily be found on the internet.”
Kaspersky Lab is one of the world's fastest-growing cybersecurity companies, operating in 200 countries and territories.