Smartphone “Video Jacking” From Power Sockets

Aries Security, a cyber-security company, claims that every major smartphone, such as the iPhone, Samsung Galaxy and Google’s Nexus, is vulnerable to a hacking threat called “video jacking” when plugged into a public charging station.

According to security experts, the free charging stations offered at many airports, convention centers and other public places, complete with different cables to charge a variety of smartphones, are vulnerable to hacking: hackers could rig those stations to watch every move you make while connected to them.

“You go into your online banking application to take a photo of a check, well, that’s recorded. … When you connect to your contacts, all of that is recorded. If you do an e-mail or a text, everything on the screen is 100 percent recorded,” said Brian Markus, CEO of Aries Security, who discovered the threat along with colleagues.

So, what is video jacking? In this kind of attack, custom electronics are hidden inside what appears to be a USB charging station. The moment a vulnerable smartphone is connected to the appropriate USB charging cord, the spy machine splits the smartphone’s video display and records a video of everything you tap, type or view on it for as long as it is plugged in, including account numbers, passwords, PINs, texts, emails, pictures and videos.

“From the moment that you plug in that cable to the moment that you unplug, that cable is exposed and recorded,”  told CNBC.


How does video jacking work?

According to Markus, video jacking takes place when an iPhone, Samsung Galaxy or Google phone is charged in a rigged public charging station. All the hacker needs to do is hide an HDMI [high-definition multimedia interface] splitter and recorder in the charging station.

An HDMI cable is a widely available smartphone accessory that allows images from a phone to be projected onto a TV screen.

Once a smartphone is plugged in, the charging station uses the built-in HDMI to secretly record everything that the user does on the smartphone without his or her knowledge.

Google declined to comment and Apple and Samsung did not respond to CNBC’s request.

To prevent possible attacks through unknown charging points, Kaspersky advises smartphone users to take the following precautions:

• Use only trusted USB charging points

• Protect your mobile phone with a password, or with another method such as fingerprint authentication, and never unlock it while charging

• Use encryption technologies and secure containers

PlugInEurope

 
