- Researchers have identified new methods to exploit backdoors into Android and iOS to steal data.
- “Choicejacking” is an evolution of the infamous juice jacking technique and also uses a rigged USB charger or cable to initiate data theft on your mobile devices.
- Choicejacking uses a combination of techniques to bypass existing juice jacking protection while faking user input to enable permissions illicitly.
Juice jacking is a decade-old technique where hackers can install spyware and gain access to your phone when you use a public charging point to juice up (hence, the name) the phone’s battery. Over the years, Google and Apple have enforced restrictions that prevent data transfer, especially when your phone is locked. Although these measures have been believed to suffice, researchers recently discovered they may not be enough, primarily in the face of more sophisticated attacks.
Researchers at TU Graz, Austria, recently identified a series of novel techniques that can bypass existing preventive restrictions and access data on anyone’s iPhone or Android device using the USB port. They have named the new technique “Choice-jacking,” a wordplay on the familiar technique of juice jacking. In the paper, researchers claim they were able to spoof user actions, such as actively switching from just charging to data transfer and allowing a prompt that enables an external system or device to access files and settings on your phone. The nature attack involves replicating user choices, which could have led to the naming.