You may want to think twice the next time you next fuel up. Your phone that is. Public charging stations, like those that you can't seem to get enough of in airports, have the potential to be another breeding ground for hackers to steal your information.
At DefCon, an annual conference for hackers (who are often security professionals) in Las Vegas, Aires Security built a charging station to help educate fellow security professionals on the risk of these charging stations. Krebs on Security reports that most of these people had not considered potential reifications of hooking up.
The few people I’ve asked while researching this story said they use these charging kiosks all the time (usually while on travel), but then said they’d think twice next time after I mentioned the possible security ramifications of doing so. Everyone I asked was a security professional.
. . .
At a conference where attendees are warned to stay off the wireless networks and avoid using the local ATMs, one might expect that security experts and enthusiasts would avoid using random power stations.
The creators said that at least 360 conference attendees readily connected their phones without thinking and were greeted by this message:
“You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!”
Even still, the comments for Brian Marcus, president of Aires Security, were the most rewarding -- an probably telling -- part of this awareness exercise.
“One guy that clearly seemed stressed and in a hurry to get his phone topped off said, ‘I don’t care, take my data, I need my phone charged to make a phone call!’” Others said they planned to wipe their phones after leaving the hacker conference anyway.
. . .
Another DefCon attendee remarked, “This freaked my boss out so much he sent an email across the entire company stating employees are now required to bring power cables and/or extra batteries on travel, and no longer allowed to use charging kiosks for smart devices in open public areas.”
PC World points out that most smartphones are often automatically programmed to transfer data or sync when connected to a USB port, making them susceptible to malware. Krebs on Security includes this comment from a conference attendee, which proves that even when you think you're phone is secure, it may not be:
“One attendee claimed his phone had USB transfer off and he would be fine. When he plugged in, it instantly went into USB transfer mode,” Markus recalls. “He then sheepishly said, ‘Guess that setting doesn’t work.’”
Though charging stations may be an attractive option to juice up -- Aires Security purposely made theirs attractive with many loose hang, free USB hook-ups -- bringing your own plug adapter to charge your phone bay be the safest bet.
[H/T PC World]