Is Your Aftermarket Cellphone Charger Phoning Home?

Risks of USB chargers for cell phones from Paul Pomes writing in The Risks Digest Volume 25, Issue 90:

My wife recently purchased a no-name third-party USB charger for her Droid cell phone. When the included cable is connected to the USB port of her laptop, the phone charges normally albeit somewhat slowly. Connecting the cable to the included voltage-sensing wall transformer starts a menagerie of interesting effects: opening applications, creating garbled text messages, changing settings, etc. No doubt this is due to floating signal lines with induced voltages that is triggering this storm of activity.

It takes little imagination, however, to visualize more sinister applications. A very small amount of logic, specific for each cell phone model the charger is marketed for, could be embedded inside the plastic transformer block. After a few minutes delay the phone could be probed for sensitive information and the results sent to an electronic dead-drop. The risk is a classic trade-off of security vs convenience. Having a single charger for our Kindles, cell phones, PDAs simplifies the number of ancillary chargers we need to tote around. Mixing the mission of power supply and data conduit opens a covert channel.

Paul Pomes, DVM (formerly a network and computer security engineer until I got tired of meetings)

I suspect phone hacks of one sort or another could be the tech privacy story of the next two years. Phones are getting more powerful; they're minicomputers now and used for drafting email and short documents and even spreadsheets. Plus, there's just a lot less anti-virus tech available and in use than for PCs. Most importantly, people don't yet think of their phones as soft targets.

This entry was posted in Sufficiently Advanced Technology. Bookmark the permalink.