The specialists of “Kaspersky Lab” claim that can charge a mobile phone using the USB ports of computers insecure, as it opens the way into a system the attackers and can lead to data theft and security of the device ON the computer. The company told her about the conducted experiment.
The company’s experts tested a number of smartphones, including iPhone 5, and found that while connected to the computer using a standard USB cable the device automatically exchanging a set of data — how exactly depends on the manufacturer, OS version, device firmware. This can be the name and device type, manufacturer name, serial number, the firmware information, operating and file systems, and others.
“The danger is that this data can use to the cybercriminals because the identity of the device allows it to determine vulnerabilities and gain control over it”, — stated in the message “Kaspersky Lab”. As shown in the experiment, this can be done through one of the modem commands, restarting the smartphone in a mode of firmware updates.
“As a result of these actions on the device can be discreetly installed an app to control a system file that cannot be deleted by standard means. User data is left in place, but the gadget is completely compromised. Thus, this technique gives attackers the ability to install and uninstall applications, copy messages, photos and videos, the app cache and files, encrypt and remove data, etc., warns Kaspersky Lab.
According to the report, cases of data theft from smartphones connected to the computer, is already known. Did, for example, cybergroove “Red October”. Thanks to the information obtained as a result of the connection with the USB port, the attackers identified the model used by the victim and carried out the attack with the help of a special exploit.
“Owners of mobile devices can be seriously affected, because in this way the system can be implemented for anything from advertising to software encryption. This can make even an Amateur hacker, because the necessary information can be easily found online. Such attacks especially should be wary of the employees of large companies responsible for making decisions,” — are reported words of the researcher “Kaspersky Lab” Alexey Komarov.