Be Aware! Your witless acts can cause you a life’s threat. Plugging your phones to public charging stations or computers at railways stations, bus stands etc. using USB cables makes your phone vulnerable to hackers. Not even every USB cable in the market is genuine and poses the possibility of data theft while charging. USB cable possess a dual feature of charging as well as sharing data.
Researchers have known the threats of charging a smartphone from USB cable, which can also transfer data.
Experts during a research at the New York Institute of Technology (NYIT) demonstrates that even without data cables, hackers are able to access a user’s activity like the websites visited by him while charging a device using a “side channel”.
Kiran Balagani, a researcher at NYIT, informs that “a malevolent charging station” may use seeming unrelated data such as – device’s power consumption, to extract sensitive information from his/her smartphone.
People at airports and railway stations, people are so happy while they discover a charging point and plugging into it makes them de-stressed. But they are not aware that their phones are at a risk of “juice- jacking” when a compromised outlet steals their sensitive information, a researcher said.
The research in its field is the first two demonstrate that even analyzing the power consumption behavior of a smartphone, can make their sensitive information vulnerable, with several other factors.
The side-channel attacks were successful as “webpages have a signature that reflects the way they load and consume energy”, said Paolo Gasti, assistant professor NYIT.
The remaining power traces acts as signature and helps a hacker to determine which website is being accessed by the victim.
The researchers verified the attack by using power signatures under several different conditions.
After accumulating power traces via a range of smart phones browsing popular websites, researchers launched attacks and examined the accuracy with which their algorithms could determine, which websites were visited while the phones were plugged in.
Battery charging level, browser cache enabled/disabled, taps on the screen, and Wi-Fi/LTE were a number of factors which influenced the accuracy rate in tracing websites.
Full charging levels, makes the level of penetration easier, while tapping on the screen during a website being loaded reduces the capability of the pentester to trace a website.
The acts could range accurate from six seconds about half the time.
“Although this was an early study of power use signatures, it’s very likely that information besides browsing activity can also be stolen via this side channel,” said Gasti.
“Since public USB charging stations are so widely used, people need to be aware that there might be security issues with them. For example, informed users might choose not to browse the web while charging,” he said.