Smartphone “Video Jacking” From Power Sockets

Uploaded on 2016-10-28 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

Aries Security, a cyber-security company, claims that every major smartphone such as the iPhones, Samsung Galaxy and Google’s Nexus when plugged into public charging stations are vulnerable to the hacking threat called “video jacking.”

According to security experts, many airports, convention centers and public places that offer free charging stations, complete with different cables to charge a variety of smartphones are vulnerable to hacking, as hackers could rig those stations to watch every move you make while connected to the charging station.

“You go into your online banking application to take a photo of a check, well, that’s recorded. … When you connect to your contacts, all of that is recorded. If you do an e-mail or a text, everything on the screen is 100 percent recorded,” said Brian Markus, CEO of Aries Security who discovered the threat along with colleagues.

So, what is video jacking? In this kind of attack, custom electronics hidden inside are used which appears to be a USB charging station. The moment a vulnerable smartphone is connected to the appropriate USB charging cord, the spy machine splits the smartphone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in, including account numbers, passwords, PINs, texts, emails, pictures and videos.

“From the moment that you plug in that cable to the moment that you unplug, that cable is exposed and recorded,”  told CNBC.

The CEO of Aries Security who discovered the threat along with colleagues describes video jacking this way, “You go into your online banking application to take a photo of a check, well, that’s recorded. … When you connect to your contacts, all of that is recorded. If you do an e-mail or a text, everything on the screen is 100 percent recorded.”

How does video jacking work?

According to Markus, video jacking takes place when an iPhone, Samsung Galaxy or Google phone is charged in a rigged public charging station. All the hacker needs to do is hide an HDMI [high-definition multimedia interface] splitter and recorder in the charging station.

An HDMI cable is a widely available smartphone accessory that allows images from a phone to be projected onto a TV screen.

Once a smartphone is plugged in, the charging station uses the built-in HDMI to secretly record everything that the user does on the smartphone without his or her knowledge.

Google declined to comment and Apple and Samsung did not respond to CNBC’s request.

To prevent possible attacks through unknown charging points, Kaspersky advises smartphone users to exercise the following:

• Use only trusted USB charging points

• Protect your mobile phone with a password, or with another method such as fingerprint authentication, and never unlock it while charging

• Use encryption technologies and secure containers

PlugInEurope

 

« Yes, US Voting Machines Are Vulnerable To Hacking
Internet of Insecure Things »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

DataLocker

DataLocker

DataLocker offers both hardware based external storage and software based cloud storage encryption solutions.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

Axence

Axence

Axence provides professional solutions for the comprehensive management of IT infrastructure for companies and institutions all over the world.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau

Lithuanian National Accreditation Bureau is the national accreditation body for Lithuania. The directory of members provides details of organisations offering certification services for ISO 27001.

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

LibraSoft

LibraSoft

Librasoft creates solutions to protect information from external and internal threats.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

1Touch.io

1Touch.io

1touch.io Inventa is an AI-based, sustainable data discovery and classification platform that provides automated, near real-time discovery, mapping, and cataloging of all sensitive data.

Ekco

Ekco

Ekco is one of Europe’s leading managed cloud providers. With a network of infrastructure and security specialists across Europe, we’ve perfected our approach to supporting digital transformation.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

ThreatCaptain

ThreatCaptain

ThreatCaptain is a Cybersecurity Leadership Development Company driven to enhance and illuminate cybersecurity risk through strategic alignment and informed business decision-making.