nvkhkhr
Prime VIP
It’s only considered good form to let someone recharge their low battery smartphone from a stray USB port if they come up to you with pleading eyes in some Starbucks, but you should resist the temptation to help a brother or sister out: you might be opening yourself up for a malware attack, particularly if the phone in question is an Android handset.
Professor Angelos Stavrou from George Mason University has figured out a system in which a compromised Android smartphone can mount as a standard human input device (or HID) when plugged into a Windows, Linux or Mac PC, thereby giving keyboard and mouse access over to either preloaded malware or a remote hacker connected to the Android phone.
The scariest part of this is the new device installation happens automatically, with almost notification that there’s anything untoward taking place. Worse, Professor Stavrou says the hack could easily be hacked to run on jailbroken iOS devices. Even antivirus and antimalware software won’t spot the intruder, apparently.
In other words, as with your bed, trust the person you let into your USB ports. You certainly can’t trust their phone.
