New Juice Jacking Attack Bypasses Phone Protection

Researchers at Graz University of Technology have discovered a way to bypass the protection on USB ports to steal data from smartphones.
This type of ‘juice jacking’ involves using a charger to gain access to a phone’s data, and has been named ‘choicejacking’ in this instance.
To be successful, the attack requires the victim’s phone to be connected to the malicious charger and the screen to be unlocked; the charger acts like a keyboard, enabling Bluetooth on the phone and pairing with another Bluetooth component in the charger.
Once this is established, a normal USB data connection is created, and the Bluetooth connection is used to simulate tapping on the confirmation screen, allowing the USB connection to be used for data transfer.
Along with stolen pictures, documents and app data, hackers can also gain elevated access if USB debugging is enabled on the phone.
Google and Apple have implemented some protection measures, but these are not ubiquitous across devices.
To stay safe, avoid using public charging stations, ensure your phone OS is up to date, and use a Charge-Only USB cable or a USB Data Blocker.

Fast Feed