A. Smile your thanks, grab the cable and plug in your phone.
B. Say “No, thank you,” before walking away, dead smartphone and all.
If you chose B, you made the right decision. Cybersecurity experts are warning against using a stranger’s charging cable or even borrowing one from an airport official or front-desk concierge at a hotel.
“There are certain things in life that you just don’t borrow,” says Charles Henderson, global managing partner and head of X-Force Red at IBM Security. “If you were on a trip and realized you forgot to pack underwear, you wouldn’t ask all your co-travelers if you could borrow their underwear. You’d go to a store and buy new underwear.”
Henderson heads a team of hackers that clients privately hire to break into their computers to identify vulnerabilities before blackhat hackers do. Henderson’s team will often send clients a compromised iPhone cable in the mail to see if the client will plug it in or if they’ve learned to be more cautious by discarding the charger instead.
Henderson warns that cyberhackers can easily implant charging cables with malware that can be used to hijack mobile devices and computers. This can spell complete disaster for the desperate traveler who graciously accepted the spare cable from their fellow passenger and plugged in their device.
At the annual DEF CON Hacking Conference in Las Vegas, a hacker known as MG showed the attendees how he had modified an iPhone lightning cable to serve as a hacking device. MG used the cable to connect an iPod to a Mac computer and then remotely accessed the cable’s IP address to take control of the Mac. These compromised cables are available on the Darknet for just $200 each.
Don’t be fooled into thinking that charging cables left over by previous guests in the front desk of the hotel are any better than a cable offered by a stranger.
“If the front desk had a drawer full of underwear,” says Henderson, “would you wear those?”
Unlike most scams aiming for as wide a target base as possible, using a charging cable to hack a victim’s device can only be pulled off on one victim at a time. Lucky for us, this means the charging cable hack isn’t as popular or widespread – yet. Henderson warns that the relatively inexpensive technology required for the hack and the fact that it is so easy to make the cable look completely innocent could mean an upsurge in these scams in the near future.
For now, it’s best to be aware of this threat and to practice caution when travelling.
Henderson adds that using public USB charging stations is currently a larger threat than compromised cables. These stations can easily be compromised and open your device to all sorts of malware and vulnerabilities. It’s best to use your own charger at all times.
“In a computing context, sharing cables is like sharing your password,” says Henderson, “because that’s the level of access you’re crucially conveying with these types of technology.”
To avoid falling victim to this hack, always pack an extra charging cable in your handbag. If you forgot to take one along or you can’t seem to find it, purchase a new one to use while you’re away. You can find charging cables in almost any convenience store for under $10 – a small investment for your safety.
The next time you’re running low on juice and a stranger offers you the use of their charging cable, make the safe choice!
Your Turn: Have you ever been targeted by using a borrowed charging cable? Tell us about it in the comments.
« Return to "The Nest (Eagle's Blog)"