Header Ads

Plugging your iPhone to public charging is full of risk

Public Charging
Plugging your iPhone to public charging is full of risk
If you are also one of them who plug their smartphone to public charging stations or computers using USB cables you should be very careful. As this act make your device vulnerable to hackers, warn scientists including one of the Indian-origin.

Experts have long known the risks of charging a smartphone using a USB cord that can also transfer data.

The new research at New York Institute of Technology (NYIT) shows that even without data wires, hackers using a "side channel" can quickly find out what websites a user has visited while charging a device.

Must Read: Five must try features of iOS 10.3

Researchers, including NYIT Kiran Balagani, warn that "a malicious charging station" can use seemingly unrelated data - such as a device's power consumption - to extract sensitive information.

As a walk through any airport will show, most people are happy to plug their phones into public charging stations, putting their phones at risk of "juice-jacking," when a compromised outlet steals data through a USB data cable, researchers said.

The study is the first to show that even without a data cable, hackers can analyze a device's power needs to get at users' private information, with speed and accuracy depending on a number of factors.

The side-channel attacks were successful as "web pages have a signature that reflects the way they load and consume energy," said Paolo Gasti, assistant professor at NYIT.

The remaining power traces act as "signatures" and help hackers discover which sites have been visited.

Must Read: 10 iOS 10 Features which Apple didn’t talk on the launch

The researchers conducted the study using power use signatures they had previously identified and tested the attack under various conditions.

After collecting power traces via a range of smartphones browsing popular websites, researchers launched attacks and checked the accuracy with which their algorithms could determine which websites were visited while the phones were plugged in. 

Various factors such as battery charging level, browser cache enabled/disabled, taps on the screen, and Wi-Fi/LTE influenced the accuracy rate in tracking websites visited.

Must Read: 10 iOS 10 Features which Apple didn’t talk on the launch

Some conditions, such as a fully charged battery, facilitate a fast and accurate penetration, while others, such as tapping the screen while a page is loading, lessen hackers' ability to determine what website is being viewed.

The important finding from the study is that such an attack can be carried out successfully, researchers said.

No comments

Powered by Blogger.