We’ve all had that panic moment: when you realize your phone is about to die and you either don’t have a charger or can’t find an outlet.
So it’s pretty convenient that USB charging stations are popping up at more and more places.
But before you plug in, there’s a new warning you need to know about!
Read more: Common smartphone scams to avoid
Hackers using ‘video jacking’ to steal your information
According to a report from security site KrebsOnSecurity, not all of those USB charging stations are just for random people’s convenience.
Security researchers have discovered an easy way for hackers to get access to your smartphone when you think you’re simply charging it.
Known as ‘video jacking,’ the method uses the same function that allows your phone to mirror its screen on a larger screen — like a computer or TV — giving thieves the ability to watch everything you do on your phone while it’s plugged in.
So you plug your phone into the USB charging station and then hackers record everything you open, look at and type — which means your phone’s passcode, account usernames, passwords, emails, texts, videos, pictures and everything else.
According to KrebsOnSecurity, the problem is that many phones can’t recognize whether the USB cord is being used to simply charge the device or mirror the screen onto a larger one.
‘All of those phones have an HDMI access feature that is turned on by default,” researcher Brian Markus, co-founder and chief executive officer for Aries Security, told Krebs. “A few HDMI-ready phones will briefly flash something like ‘HDMI Connected’ whenever they’re plugged into a power connection that is also drawing on the HDMI feature, but most will display no warning at all. This worked on all the phones we tested with no prompting.”
How to know if your phone is at risk
According to Markus, ‘most of the phones vulnerable to video jacking are Android or other HDMI-ready smartphones from Asus, Blackberry, HTC, LG, Samsung, and ZTE. This page of HDMI enabled smartphones at phonerated.com should not be considered all-inclusive. Here’s another list. When in doubt, search online for your phone’s make and model to find out if it is HDMI or MHL ready.’
Markus told Krebs he tested an iPhone 6 at an Apple store and ‘the video of the iPhone 6’s home screen popped up on the display in the store without any prompt. Getting it to work on the display required a special lightning digital AV adapter from Apple, which could easily be hidden inside an evil charging station and fed an extension adapter and then a regular lightning cable in front of that.’
Bottom line: If you want to avoid putting yourself at risk, try to remember to carry your phone charger with you if you think you may need it. You can also get a portable charger, which doesn’t require you to search for an outlet when your phone battery gets low.
Bonus tip: Use caution when syncing your phone with a rental car’s infotainment system
This is another opportunity for hackers to get access to your information. If criminals get into the car’s system while your phone in synced, they could download malware onto your device and steal your account information and other data stored in your phone.
So if you’re in a rental car, you may want to just stick to the radio and use your phone separately to avoid any potential dangers.