Smartphone “Video Jacking” From Power Sockets

Uploaded on 2016-10-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers

Aries Security, a cyber-security company, claims that every major smartphone such as the iPhones, Samsung Galaxy and Google’s Nexus when plugged into public charging stations are vulnerable to the hacking threat called “video jacking.”

According to security experts, many airports, convention centers and public places that offer free charging stations, complete with different cables to charge a variety of smartphones are vulnerable to hacking, as hackers could rig those stations to watch every move you make while connected to the charging station.

“You go into your online banking application to take a photo of a check, well, that’s recorded. … When you connect to your contacts, all of that is recorded. If you do an e-mail or a text, everything on the screen is 100 percent recorded,” said Brian Markus, CEO of Aries Security who discovered the threat along with colleagues.

So, what is video jacking? In this kind of attack, custom electronics hidden inside are used which appears to be a USB charging station. The moment a vulnerable smartphone is connected to the appropriate USB charging cord, the spy machine splits the smartphone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in, including account numbers, passwords, PINs, texts, emails, pictures and videos.

“From the moment that you plug in that cable to the moment that you unplug, that cable is exposed and recorded,”  told CNBC.

The CEO of Aries Security who discovered the threat along with colleagues describes video jacking this way, “You go into your online banking application to take a photo of a check, well, that’s recorded. … When you connect to your contacts, all of that is recorded. If you do an e-mail or a text, everything on the screen is 100 percent recorded.”

How does video jacking work?

According to Markus, video jacking takes place when an iPhone, Samsung Galaxy or Google phone is charged in a rigged public charging station. All the hacker needs to do is hide an HDMI [high-definition multimedia interface] splitter and recorder in the charging station.

An HDMI cable is a widely available smartphone accessory that allows images from a phone to be projected onto a TV screen.

Once a smartphone is plugged in, the charging station uses the built-in HDMI to secretly record everything that the user does on the smartphone without his or her knowledge.

Google declined to comment and Apple and Samsung did not respond to CNBC’s request.

To prevent possible attacks through unknown charging points, Kaspersky advises smartphone users to exercise the following:

• Use only trusted USB charging points

• Protect your mobile phone with a password, or with another method such as fingerprint authentication, and never unlock it while charging

• Use encryption technologies and secure containers

PlugInEurope

 

« Yes, US Voting Machines Are Vulnerable To Hacking
Internet of Insecure Things »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Wall Street Technology Association (WSTA)

Wall Street Technology Association (WSTA)

The Wall Street Technology Association (WSTA) provides financial industry technology professionals with forums to learn from and connect with each other.

UM Labs

UM Labs

UM Labs is a developer of security products for Voice over IP (VoIP), protecting SIP trunk connections, safeguarding mobile phone communications and enabling BYOD.

CyberWarrior

CyberWarrior

CyberWarrior deliver training and consulting for some of the world’s top brands and also partner with national systems integrators to augment their teams with our expertise.

LEADS

LEADS

LEADS is considered as a leading ICT Solution Provider and an IT partner of choice in Bangladesh.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

Ntirety

Ntirety

Ntirety Managed Security Services offer enterprise businesses the advanced tools, processes, and support to ensure your infrastructure, networks, and mission-critical applications are secure.

IdentityIQ

IdentityIQ

IdentityIQ is a US-based identity theft and credit protection company designed to help users stay on top identity thieves and data breaches.

Lexsynergy

Lexsynergy

Lexsynergy is a global domain name management and online brand protection company.

GroupSense

GroupSense

GroupSense helps governments and enterprises take control of digital risk with cyber reconnaissance, counterintelligence and monitoring for breached credentials.

Sunartek Labs

Sunartek Labs

Sunartek are equipped with expert resources and advanced technology to identify cyber threats and prevent any breach, bypassing the security network of your organization.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

Oligo Security

Oligo Security

Oligo aims to streamline the usage of open source by making it secure and easy to protect. Through focusing developers on the relevant vulnerabilities we make the fixing process significantly shorter.

Ceeyu

Ceeyu

Ceeyu is an all-in-one cybersecurity ratings and third party risk management platform.

Abstract Security

Abstract Security

Abstract Security has created a revolutionary platform, equipped with an AI-powered assistant, to better centralize the management of security analytics.

Camms

Camms

Camms are a team of experienced professionals dedicated to providing innovative GRC software solutions that help organizations manage risk, make informed decisions, and drive positive change.