It’s likely that every one of us has found ourselves in a situation where our phone is dying so we have no charger readily available, but at the exact same time we desperately have to stay connected to answer an essential call, receive a text message or email, whatever.
It really is perfectly normal to consider any source of valuable electricity on such event any USB port would do. But is it safe? No. In fact, it may be dangerous: Over a USB connection someone can steal your files, infect your smartphone with something nasty or even brick it.
Ride the lightning
We must point out that not all electricity is equally good for your phone before we get to the problem of thieves. The Internet is saturated in complaints, filed mostly by users who attempted to charge their fancy phones by connecting them to aftermarket (or non-original) chargers. In certain instances doing so turned the phones into quite bricks that are expensive. In the most bizarre instances, people holding the phone in their hands were seriously injured and even killed.
Regrettably, these are more than simply accidents. For example, last 12 months we saw a twisted device appropriately named USB Killer. It contained an impressive group of capacitors, housed in A usb-flash-drive-size frame, that would discharge 220 V into a USB slot. Such discharge would destroy the USB port at minimum, and possibly fry your whole computer’s motherboard in a worst-case scenario. We question that you’d would like to try your phone’s durability in such a way.
Show me your files, baby
Next, USB ports were created maybe not just to offer charge, but in addition to transfer data. So whenever a device that is mobile connected up to a USB slot, it attempts a handshake, during which it transmits some data. The absolute most data-wasteful are phones based on Android platform 4.x and earlier they connect in MTP (Media Transfer Protocol) mode by default, exposing all of this device’s files.
On average, it takes more than 100 kilobytes of data just to tell the host system in regards to the phone’s files and folders for reference, that’s about the size of Alice in Wonderland e-book.
Locking the telephone will save you from such exposure but, honestly, would you avoid using the phone while it’s charging? And would you always disconnect the phone from the USB port when a text is received by you message, for instance?
Now, let’s take a closer examine the information that is sent to the USB port also when the mobile is in “charging only” (obstructed) mode. The amount of information varies depending on the mobile’s platform and the running system of the host, but whatever the case it’s more than “just charge, absolutely nothing personal” as we learned, this information includes device name, merchant name, and serial number.
Full access and beyond
You may think the info transmission problem is not a big deal, however the problem as we’ve discovered by searching into publicly available information about one specific merchant is that they enable much more than specified by the machine.
Exactly How is that possible?
It is carried out by a legacy system of commands called AT-commands. The AT commands were developed a few decades ago to enable the modem and PC communications. Later, the set was contained in the GSM standard, and to this day it is supported in all smart phones. To give you an idea of what can be done using commands that are AT They enable an attacker to get your phone number and download the contacts that are saved in the SIM card. Then, they are able to call any quantity at your expense, needless to say. ( if you’re roaming, such surprise phone calls may quickly drive your balance into the red.) Based on your vendor, this mode can also open access to install any sort of application including harmful ones.
All regarding the above can be done even if your smartphone remains locked!
Last but not least: Remember that you can never ever tell what exactly is on the other side of the USB that is normal-looking port. A USB slot is something that gathers data concerning the products that are connected to it, a power that is flawed, a strong capacitor, or a computer that installs a backdoor on your device. You merely cannot know before you plug in your device so don’t.
For more information visit: