Charging your phone at public stations is not a good idea, here's why
Experts
have long known the risks of charging a smartphone using a USB cord that can
also transfer data.
Plugging
your smartphone to public charging stations or computers using USB
cables can make your device vulnerable to hackers, warn scientists including
one of Indian origin.
Experts
have long known the risks of charging a smartphone using a USB cord that can
also transfer data.
The
new research at New York Institute of Technology (NYIT) shows that
even without data wires, hackers using a "side channel" can quickly find
out what websites a user has visited while charging a device.
Researchers,
including NYIT Kiran Balagani, warn that "a malicious charging
station" can use seemingly unrelated data - such as a device's power
consumption - to extract sensitive information.
As
a walk through any airport will show, most people are happy to plug their
phones into public charging stations, putting their phones at risk of
"juice-jacking," when a compromised outlet steals data through a USB
data cable, researchers said.
The
study is the first to show that even without a data cable, hackers can analyse
a device's power needs to get at users' private information, with speed and
accuracy depending on a number of factors.
The
side-channel attacks were successful as "webpages have a signature that
reflects the way they load and consume energy," said Paolo Gasti,
assistant professor at NYIT.
The
remaining power traces act as "signatures" and help hackers discover
which sites have been visited.
The
researchers conducted the study using power use signatures they had previously
identified and tested the attack under various conditions.
After
collecting power traces via a range of smartphones browsing popular websites,
researchers launched attacks and checked the accuracy with which their algorithms
could determine which websites were visited while the phones were plugged in.
Various factors such as battery charging level, browser cache enabled/disabled,
taps on the screen, and Wi-Fi/LTE influenced the accuracy rate in tracing
websites visited. Some conditions, such as a fully charged battery, facilitate
a fast and accurate penetration, while others, such as tapping the screen while
a page is loading, lessen hackers' ability to determine what website is being
viewed.
The
important finding from the study is that such an attack can be carried out
successfully, researchers said. In the study, the slower, less accurate
attempts at penetration were still accurate within six seconds about half the
time.
"Although
this was an early study of power use signatures, it's very likely that
information besides browsing activity can also be stolen via this side
channel," said Gasti.
"Since
public USB charging stations are so widely used, people need to be aware that
there might be security issues with them. For example, informed users might
choose not to browse the web while charging," he said.
Regards
Pralhad Jadhav
Senior Manager @
Knowledge Repository
Khaitan
& Co
Upcoming
Event | MANLIBNET 17th
Annual International Conference on 15-16 September 2017 at Jaipuria, Noida,
India
No comments:
Post a Comment