Mobile Threat Catalogue

Malicious Charging Station

Contribute

Threat Category: Physical Access

ID: PHY-1

Threat Description: Malicious charging stations can be present in any public location. The adversary oprating the charging station could run exploits or attempt to install malware over the device connection.

Threat Origin

MACTANS: Injecting Malware Into iOS Devices Via Malicious Chargers 1

Exploit Examples

Researchers Show How to Hack an iPhone in 60 Seconds 2

CVE Examples

Not Applicable

Possible Countermeasures

Mobile Device User

Avoid use of public charging stations, which may house malicious chargers.

Ensure Android USB debugging is disabled unless explicitly needed (e.g. by app developers).

Do not accept any prompt to trust an untrusted or public USB charger.

References

  1. B. Lau et al. , MACTANS: Injecting Malware Into iOS Devices Via Malicious Chargers, presented at BlackHat, 3-4 Aug. 2013. https://macsecurity.net/view/50-mactans-injecting-malware-into-ios-devices-via-malicious-chargers [accessed 7/27/22]. 

  2. V. Blue, “Researchers Show How to Hack an iPhone in 60 Seconds”, ZDNet, 31 July 2013; www.zdnet.com/article/researchers-reveal-how-to-hack-an-iphone-in-60-seconds/ [accessed 8/25/2016]