contadores de paginas web Saltar al contenido

Don't recharge your iPhone or iPad anywhere


Every time I read Apple Security, the lack of security in the devices created by the Manzanita company never ceases to amaze me. Recin read about an attack technique known as Juice Jacking which involves stealing information from devices (like photos) simply by connecting them to recharge batteries.

At the last Defcon, a computer security conference, attendees were educated on this problem through kiosks or recharge towers such as the following:

In the photo you can see a person who innocently charges his mobile and on the screen a warning that says something like You shouldn't trust public charging kiosks. The information can be stolen without your consent, luckily in this case we have taken the ethical path and your data is safe. Enjoy the free charge!

The problem with these towers is that we don't know what is at the end of the USB cable, it can be a charger or a computer that automatically copies information and installs malware:

It is something very similar to USB Dumping attacks that allow you to automatically copy the content of a flash drive when connected to a computer, but in this case no special program is necessary, you can try it yourself with the mobile and the computer.

I just did it with my iPhone, by connecting it to my computer to recharge I could access, transfer and delete the photos even being locked or turned off!

Although it is blocked you can access the photos

However, it is important to mention that if the device connects for the first time on a computer (at least with iOS 4 onwards) information will not be accessible until it is unlocked. Which happens at charging stations often happens as users take advantage of using it while recharging … so don't use it while charging!

On the other hand in Android the behavior is different, to access the data requires user interaction by activating the USB function, but does not require the unlock code And that could be a privacy problem. If the device is connected off, it only charges:

Thanks @ elQuiquepor the capture of the Android.

See also: 1234 the most used iPhone password.Turn message preview off on iPhone.