Even though public charging stations offer peace of mind to smartphone users and save them from the horror of seeing their phones running out of juice while they are out and about, they bring out several vulnerabilities in your phone that greedy hackers are itching to exploit. As per the Kaspersky report, when smartphones are connected to public charging stations or PCs, they transmit data like 'device name, device manufacturer, device type, serial number, firmware information, operating system information, file system/file list, electronic chip ID.' The report adds that this set of information is enough for hackers to target your phone.
Beware clone Wi-Fi networks, they could brick iPhones!
The Kaspersky report bases its findings on a couple of instances where professional hackers were able to exploit phones when they were connected to USB charging ports. In 2013, a hacking campaign named Red October demonstrated how data stored in mobile devices could be stolen when they were connected to a computer. Another hacking group calling itself the Hacking Team was successful in loading malware o a smartphone which was connected to a USB charging station.
'The security risks here are obvious: if you’re a regular user you can be tracked through your device IDs; your phone could be silently packed with anything from adware to ransomware; and, if you’re a decision-maker in a big company, you could easily become the target of professional hackers,' said Alexey Komarov, one of the researchers.
Spotify user data hacked and exposed on Pastebin
“And you don’t even have to be highly-skilled in order to perform such attacks, all the information you need can easily be found on the Internet,” he added.
To save your phone from being compromised, you do not need to avoid public charging stations at all. Instead, the report explains, always protect your phone with a password and avoid unlocking your phone while charging. At the same time, you can use encryption technologies as well as the latest security solution to ensure that nobody is able to break into your phone through deceptive means.
At the moment, researchers at Plymouth University’s Centre for Security Communication and Network Research are working on a new concept called GOTPass which is a multi-level authentication system involving images, one-time numerical codes and eight digit PINs. The researchers recently published a series of security tests on the GOTPass system which showed that out of 690 hacking attempts, only 23 were successful.
Unsure about how secure your password is? You should try GOTPass
Back in April, a group of researchers revealed that iPhones and iPads constantly update “network time protocol” through Wi-Fis to sync their date and time settings. Using a malicious Wi-Fi with a name that an iPhone recognises, a hacker can feed in January 1, 1970 as the date which ends up crashing the iPhone.
"The researchers said they discovered they could build a hostile Wi-Fi network that would force Apple devices to download time and date updates from their own (evil) NTP time server: And to set their internal clocks to one infernal date and time in particular: January 1, 1970," wrote security researcher Brian Krebs in his website.