PHY-2 · Mobile Threat Catalogue

Mobile Threat Catalogue

Attack via a connection from an untrusted or compromised mobile device to a PC

Contribute

Threat Category: Physical Access

ID: PHY-2

Threat Description:

Threat Origin

Exploiting Smart-Phone USB Connectivity for Fun and Profit 1

Exploit Examples

New Malware Tries to Infect Android Devices Via USB Cable 2

CVE Examples

Not Applicable

Possible Countermeasures

Mobile Device User

When charging a device, avoid connecting mobile devices directly to computers, and prefer the use of simple corded chargers obtained directly from the device vendor.

To prevent some attacks over USB connectivity, disable USB debugging on Android devices when that feature is not in use.

To reduce the opportunity for an attacker to directly connect a device to a malicious computer, use strong physical security when a device is being left directly unattended (e.g., lock it in a secure container).

To prevent some attacks over USB connectivity, ensure the device has an unlock code set and is explicitly locked when being left directly unattended.

References

  1. Z. Wang and A. Stavrou, “Exploiting Smart-Phone USB Connectivity for Fun and Profit”, in Proceedings of 26th Annual Computer Security Applications Conference, 2010, pp. 357-365. 

  2. G. Sims, “New Malware Tries to Infect Android Devices Via USB Cable”, 27 Jan. 2014; www.androidauthority.com/new-malware-tries-infect-android-devices-via-usb-cable-339356/ [accessed 8/31/2016]