Smartphone “Video Jacking” From Power Sockets

Uploaded on 2016-10-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

Aries Security, a cyber-security company, claims that every major smartphone such as the iPhones, Samsung Galaxy and Google’s Nexus when plugged into public charging stations are vulnerable to the hacking threat called “video jacking.”

According to security experts, many airports, convention centers and public places that offer free charging stations, complete with different cables to charge a variety of smartphones are vulnerable to hacking, as hackers could rig those stations to watch every move you make while connected to the charging station.

“You go into your online banking application to take a photo of a check, well, that’s recorded. … When you connect to your contacts, all of that is recorded. If you do an e-mail or a text, everything on the screen is 100 percent recorded,” said Brian Markus, CEO of Aries Security who discovered the threat along with colleagues.

So, what is video jacking? In this kind of attack, custom electronics hidden inside are used which appears to be a USB charging station. The moment a vulnerable smartphone is connected to the appropriate USB charging cord, the spy machine splits the smartphone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in, including account numbers, passwords, PINs, texts, emails, pictures and videos.

“From the moment that you plug in that cable to the moment that you unplug, that cable is exposed and recorded,”  told CNBC.

The CEO of Aries Security who discovered the threat along with colleagues describes video jacking this way, “You go into your online banking application to take a photo of a check, well, that’s recorded. … When you connect to your contacts, all of that is recorded. If you do an e-mail or a text, everything on the screen is 100 percent recorded.”

How does video jacking work?

According to Markus, video jacking takes place when an iPhone, Samsung Galaxy or Google phone is charged in a rigged public charging station. All the hacker needs to do is hide an HDMI [high-definition multimedia interface] splitter and recorder in the charging station.

An HDMI cable is a widely available smartphone accessory that allows images from a phone to be projected onto a TV screen.

Once a smartphone is plugged in, the charging station uses the built-in HDMI to secretly record everything that the user does on the smartphone without his or her knowledge.

Google declined to comment and Apple and Samsung did not respond to CNBC’s request.

To prevent possible attacks through unknown charging points, Kaspersky advises smartphone users to exercise the following:

• Use only trusted USB charging points

• Protect your mobile phone with a password, or with another method such as fingerprint authentication, and never unlock it while charging

• Use encryption technologies and secure containers

PlugInEurope

 

« Yes, US Voting Machines Are Vulnerable To Hacking
Internet of Insecure Things »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Social-Engineer

Social-Engineer

Social-Engineer is a team of outside–the–box thinkers that share a common focus on human-to-human social engineering.

CCN-CERT

CCN-CERT

CCN-CERT is the Spanish national government computer security incident response centre.

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

Garrison Technology

Garrison Technology

Garrison SAVI® is a unique technology for secure remote browsing that can dramatically change the risk profile for enterprise cyber security.

NTIC Cyber Center

NTIC Cyber Center

NTIC Cyber Center is an organization dedicated to making the National Capital Region (Washington DC) more resilient to cyber-attacks.

Kainos

Kainos

Kainos is a leading provider of Digital Services and Platforms. Our services include Digital Transformation, Cyber Security, Cloud, AI, IoT and more.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

Force Majeure

Force Majeure

Force Majeure specializes in cybersecurity, incident response, and digital forensics, with experience spanning more than a decade.

Char49

Char49

Char49 specialize in Penetration Testing, Red Team Assessment, Social Engineering and Security Research.

Presidio Identity

Presidio Identity

Presidio Identity offers a digital-native approach that brings security, privacy, and simplicity to user authentication and digital interactions.

Intel 471

Intel 471

Intel 471 provides adversary and malware intelligence for leading intelligence, security and fraud teams.

Aunalytics

Aunalytics

Aunalytics is a data platform company that delivers insights as a service to answer your most important IT and business questions.

Gen Digital

Gen Digital

At Gen™, our mission is to create technology solutions for people to take full advantage of the digital world, safely, privately, and confidently – so together, we can build a better tomorrow.

Espria

Espria

Espria is a leading independent managed service provider with expertise in Cloud, IT, Communications and Document Solutions.

SpectrumWise

SpectrumWise

SpectrumWise is a business technology specialist that provides Managed Services and Managed Security for small and medium IT Networks.

Aprio

Aprio

Aprio is a premier business advisory and accounting firm. We deliver advisory, tax, managed, and private client services to build value, drive growth, manage risk, and protect wealth.