This groundbreaking research, set to be presented at the 34th USENIX Security Symposium in Seattle this August, demonstrates how attackers can autonomously gain access to sensitive user data including photos, documents, and app information across devices from major manufacturers.
The attack exploits a critical flaw in the assumptions underlying current USB security implementations on mobile platforms.
When the original “Juice Jacking” attacks were discovered approximately a decade ago, both Android and iOS introduced user prompts that require explicit confirmation before establishing data connections from USB hosts to mobile devices.
These countermeasures were designed to ensure that users maintain control over when their devices share data through USB connections.
However, ChoiceJacking demonstrates that these protections can be circumvented through a novel approach.
The researchers discovered that existing mitigations operate under the assumption that attackers cannot inject input events while establishing a data connection.
By challenging this fundamental assumption, the research team developed platform-agnostic attack principles along with three specific techniques targeting Android and iOS that enable malicious chargers to autonomously spoof user input and approve their own data connections without genuine user consent.
The researchers conducted comprehensive testing using a custom-designed, low-cost malicious charger that revealed alarming vulnerabilities across the mobile device ecosystem.
Their evaluation encompassed devices from eight different vendors, including all of the top six manufacturers by market share, demonstrating that vendor-specific customizations to USB stacks have not provided adequate protection against these sophisticated attacks.
The impact of successful ChoiceJacking attacks is particularly concerning, as the malicious chargers can gain access to highly sensitive user files including personal photographs, important documents, and application data.
Even more troubling, the researchers found that devices from two vendors were vulnerable to file extraction even when locked, representing a significant escalation in attack capabilities.
For attacks requiring unlocked devices, the researchers developed a stealthy approach using power line side-channels to detect optimal moments when users would not notice visual artifacts, making the attacks virtually undetectable during execution.
The response has been largely positive, with major technology companies including Google, Samsung, Xiaomi, and Apple acknowledging the validity of the attacks and confirming they are actively working to integrate appropriate mitigations into their platforms.
Following responsible disclosure practices, the research team reported their findings to all affected vendors before public release.
Only one vendor among those contacted has not yet acknowledged the research findings.
This breakthrough highlights the ongoing evolution of attack techniques and the need for continuous security improvements in mobile device USB implementations.
As the research will be formally presented at USENIX Security 2025, it is expected to drive industry-wide improvements in USB security protocols and potentially influence future mobile device security architectures.
The post ChoiceJacking Vulnerability Lets Hackers Exploit Android & iOS Devices Through Malicious Chargers appeared first on Cyber Security News.