Can your images and different knowledge be downloaded or erased out of your smartphone whereas it’s charging from a public charging port — on public transport, in a clinic, on the airport, and so forth? Regardless of producers’ security measures, it’s typically attainable.
Hackers first got here up with such assaults method again in 2011: if an innocent-looking USB charging port doesn’t simply provide electrical energy however comprises a hidden laptop, it will possibly hook up with your smartphone in data-transfer mode utilizing the Media Switch Protocol (MTP) or Image Switch Protocol (PTP) and extract knowledge from the system. This assault turned often called juice-jacking, and each Google and Apple rapidly got here up with a safeguard: when a smartphone is related to a tool supporting MTP/PTP, it asks the consumer whether or not to permit knowledge switch or simply cost. For a few years, this easy precaution appeared to unravel the issue… till 2025 — when researchers from Graz College of Expertise in Styria, Austria, found a approach to bypass it.
ChoiceJacking assault
Within the new assaults — dubbed ChoiceJacking assaults — a malicious system disguised as a charging station confirms by itself that the sufferer supposedly needs to attach in data-transfer mode. Relying on the producer and OS model, there are three variants of the assault. Every variant finds a special approach to bypass a sure limitation within the USB protocol: a tool can not function in each host mode (as a pc) and peripheral mode (e.g., as a mouse or keyboard) on the similar time.
The primary methodology is essentially the most advanced however works on each iOS and Android. A microcomputer is disguised as a charging station. This microcomputer can hook up with a smartphone as a USB keyboard, USB host (laptop), and Bluetooth keyboard.
When the smartphone is plugged in, the malicious station emulates a USB keyboard and sends instructions to activate Bluetooth and hook up with a Bluetooth system — the exact same malicious laptop, now impersonating a Bluetooth keyboard. After that, the system reconnects by way of USB, now posing as a pc. The smartphone asks the consumer whether or not to permit knowledge switch — and the malicious system confirms the request by way of a Bluetooth “keystroke”.
The second methodology solely works on Android and doesn’t require Bluetooth. The malicious charger pretends to be a USB keyboard and floods the smartphone with keystrokes — overwhelming the enter buffer. Whereas the OS is busy processing this meaningless enter, the charger disconnects and reconnects — this time as a pc. A immediate seems on display asking which mode to attach in, and proper at that second the tail finish of the keyboard enter buffer performs out, containing a keystroke sequence that confirms connection in data-transfer mode (MTP, PTP, and even ADB debug mode).
The third methodology — additionally Android-only — exploits the truth that all examined smartphones incorrectly implement the Android Open Entry Protocol (AOAP). The malicious system connects as a pc instantly, and when the affirmation display seems, it sends the required keystroke occasions by way of AOAP. In accordance with the protocol, simultaneous operation in each USB-host and AOAP modes is prohibited — however in follow, this restriction is usually ignored.
Which units are shielded from USB ChoiceJacking?
Each Apple and Google blocked these assault strategies in iOS/iPadOS 18.4, and Android 15, respectively. Now, with a view to verify USB knowledge switch, it’s not sufficient to easily press Sure — that you must move biometric authentication or enter a password. Sadly, on Android, the OS model alone doesn’t assure your smartphone’s security. For instance, Samsung units operating the One UI 7 shell don’t request authentication — even after updating to Android 15.
That’s why Android customers who’ve up to date to Android 15 are suggested to attach their smartphone to a identified secure laptop by way of a cable and test whether or not a password or biometric affirmation is required. If not — keep away from public charging stations.
How critical is that this, and find out how to shield your self?
Whereas regulation enforcement businesses have sometimes warned about USB data-theft assaults (1, 2), no real-world assaults have ever been publicly documented. This doesn’t imply they’ve by no means occurred, but it surely clearly isn’t a widespread menace.
When you’re involved about such assaults, it is best to solely cost you units utilizing your individual trusted charger or energy financial institution, or use a USB knowledge blocker — an adapter that permits solely energy to circulation by way of the cable whereas stopping knowledge transmission. These adapters, additionally known as “USB Condoms”, are fairly efficient, however can decelerate charging on newer smartphones since in addition they block the info alerts required for Fast Cost mode. Alternatively, you possibly can use an inexpensive charge-only USB cable (which might’t transmit knowledge), however it is best to check it first with a trusted laptop to make sure no data-transfer immediate seems on the display; then you definitely’ll want to hold it round with you all over the place — and needless to say it additionally guidelines out Fast Cost.
Essentially the most essential and extensively out there safety is updating to the newest variations of Android or iOS.
When you ever end up in a bind — with an outdated OS, no blocker, and an pressing want to make use of the closest USB charger — simply stay vigilant whereas charging. While you join the telephone, watch the display: if it doesn’t simply begin charging however prompts you to decide on the connection kind, choose Charging solely. When you’re actually frightened about your knowledge, it’s higher to unplug and search for a much less “good” port.
For extra on different uncommon smartphone hacks — test these out:
