Charging Kiosks Can Lift Data from Your Devices
Charging kiosk at DefCon. Image: Krebs on Security
Next time you’re at the airport and your phone is running low on battery, reconsider powering up at the charging station.
Krebs on Security, a security blog, looked into a charging kiosk at DefCon, an annual hacker conference held in Las Vegas. The kiosk was built specifically to educate attendees about how data can be compromised when charging via USB at these stations.
When users were plugged in, the LCD screen on the charging station changed from “Free Cell Phone Charging Kiosk” to the following:
You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!
“We’d been talking about how dangerous these charging stations could be. Most smartphones are configured to just connect and dump off data,” said Brian Markus, president of Aires Security. “Anyone who had an inclination to could put a system inside of one of these kiosks that when someone connects their phone can suck down all of the photos and data, or write malware to the device.”
The blog said the safest way to charge your devices is to use a power cord that plugs into an outlet. If you must use a charging kiosk, power off your devices; this technique prevents data exposure.