Pretty much everybody uses USB cables, be it at home or at work. Charging smartphones over USB is extremely convenient but security vendor Kaspersky Lab cautions that not every USB port is safe to use. The company noted that attackers can steal files and infect smartphones with malware over unsafe USB connections. Here's what you need to know.
USB charger image from Shutterstock
We already know that aftermarket USB cables can pose a danger to devices that they charge and can even electrocute people. Kaspersky Lab wants to warn people about how a USB connection, even if it was just intended to charge a device, can be used by criminals to extract data from smartphones or infect them with nasty viruses that could potentially do a lot of damage.
USB ports are designed to transfer data; that much we already know. Most Android phones use a data transfer standard that restrict transmission of data over USB unless the phone is unlocked but it's not uncommon for people to play with their phone while it's on charge.
Even if the phone remains locked, Kaspersky Lab argues data can still be transmitted, thanks to a legacy system of commands called AT-commands:
"To give you an idea of what can be done using AT commands: They enable an attacker to get your phone number and download the contacts which are stored in the SIM card. Then, they can call any number — at your expense, of course. (And if you’re roaming, such surprise calls may quickly drive your balance into the red.) Depending on your vendor, this mode can also open access to install any type of application — including malicious ones. All of the above is possible even if your smartphone remains locked!"
While the vendor does warn against using USB ports for charging devices in general, it's such a common practice these days that I doubt this warning will deter many people. Still, it's worth noting that there are USB cables out there that allow you to charge your phone without any data being transfer.
What are your thoughts about this warning from Kaspersky Lab? Let us know in the comments.
[Via Kaspersky Lab blog]