In a recent security alert, the Los Angeles attorney warned travelers to avoid charging their smartphones and other devices using public USB charging stations because they could contain dangerous malware.
USB has been designed to transfer both power sources and data and security. Cybercriminals have learned to use USB connections to deliver malicious payloads to users who thought they were just charging their devices.
In recent years, several proofs of concept have been created, the most notable being Mactans, which was presented at the Black Hat security conference in 2013. Although the device may look like a regular USB wall charger, it has the ability to implement malware on iOS devices.
In 2016, Samy Kamkar, a security researcher, deepened this idea and created an Arduino-based device called the KeySweeper. It looked like a USB wall charger and could power smartphones, but it also used a wireless connection to passively detect, decrypt, and record all keystrokes for all Microsoft wireless keyboards in its range.
Malware in plain sight
The Los Angeles District Attorney's warning titled "USB Charger Scam" provides consumers with information on the various ways criminals can use USB wall chargers and even USB cables to infect their devices.
Plug-in USB wall chargers are the most common way for consumers to experience a "nobody" attack because a malicious charger can easily leave a malicious charger in a public place such as an airport or hotel. However, criminals can now load malware onto public charging stations, which means that public USB ports pose a security risk as well.
USB cables and the O.MG cable, presented at this year's DefCon Cybersecurity Conference, similarly illustrate the possibility of “accidentally” leaving a charger, as well as USB cables. USB cable itself.
To avoid being the victim of a "prankster" attack, Los Angeles officials advise travelers to use AC power outlets instead of USB charging stations and to bring their own chargers when on the move. While traveling can certainly be fun, it is also the time when consumers are most likely to be scammed or even targeted by cyberattacks.
Through ZDNet