PROTECTION OF SMARTPHONES FROM THE INFLUENCE OF HARMFUL PROGRAMS DURING CHARGING IN PUBLIC PLACES
DOI:
https://doi.org/10.28925/2663-4023.2024.23.338347Keywords:
Juice Jacking; cybersecurity; USB security; mobile security; cyber threats; preventive measures.Abstract
As smartphones become indispensable tools for communication, work, and entertainment, the risks associated with their frequent charging in public places such as cafes, coworking spaces, and power bank rental stations have significantly increased. This publication aims to analyze the growing cybersecurity threats to mobile devices, particularly the vulnerabilities linked to public charging stations and USB data transfer devices. Various cyber threats are examined, including Juice Jacking, BadUSB attacks, rental power bank compromises, and the deceptive safety of public USB ports, which may be configured to deploy malware or conduct unauthorized data access. Detailed descriptions of various attack vectors are provided, along with practical measures to mitigate these risks. Recommendations include using personal chargers, employing USB cables or devices that block data transfer (USB condoms), and the importance of regular software updates to protect against known vulnerabilities. A novel solution proposed is the development of a USB-C to USB-C keychain with disconnected data transfer contacts, ensuring charging without data transfer risks, and a fuse that can provide additional protection against voltage spikes and direct hardware attacks such as BadPower. The keychain blocker is designed for easy portability, attaching to key rings or directly to smartphone cases, ensuring availability when needed without the risk of being forgotten. The article argues for increased awareness and preventive practices as integral components of cybersecurity in an era when mobile devices are widely used and continuously exposed to growing threats. The research results highlight the inevitability of complex cyberattacks amid global tensions and technological advancements, advocating for proactive measures to protect personal and confidential data. Continuous software updates and the use of hardware solutions designed to secure mobile devices effectively protect users from most cyber threats.
Downloads
References
Security Configuration Recommendations for Apple R iOS 5 Devices 2012. (n.d.).
Honeywell International Inc. Industrial cybersecurity USB threat report 2022. (n.d.). Software for Digital Transformation|Honeywell Forge. https://www.honeywellforge.ai/us/en/campaigns/industrial-cybersecurity-threat-report-2022#form
Lee, B. D. (2018). This rigged charger can hijack your new laptop. BBC Home - Breaking News, World News, US News, Sports, Business, Innovation, Climate, Culture, Travel, Video & Audio. https://www.bbc.com/news/technology-45139397
What is ‘Juice Jacking’ and Tips to Avoid It. (2023). Federal Communications Commission. https://www.fcc.gov/juice-jacking-tips-to-avoid-it
Safety Tips: Some Fast Charging Products Have “Bad Power” Risks. (2020). Tencent Security Xuanwu Lab. https://xlab.tencent.com/cn/2020/07/16/badpower/
Faife, C. (2022). The O․MG Elite cable is a scarily stealthy hacker tool. The Verge. https://www.theverge.com/23321517/omg-elite-cable-hacker-tool-review-defcon
Buxton, O. (2022). What Is the Mirai Botnet? What Is the Mirai Botnet? https://www.avast.com/c-mirai
Elcomsoft Phone Breaker | Elcomsoft Co.Ltd. (n.d.). Digital Forensic, Data Decryption and Password Recovery Solutions for Law Enforcement, Forensic and Corporate Customers | Elcomsoft Co.Ltd. https://www.elcomsoft.com/eppb.html
Keepnet Labs. (2024). 5 Examples of Real-World QR Code Attacks. LinkedIn: Log in or Sign Up. https://www.linkedin.com/pulse/5-examples-real-world-qr-code-attacks-keepnetlabs-a7vee/
FBI Denver. (2023). X (Twitter). https://twitter.com/FBIDenver/status/1643947117650538498/photo/1
Sadykov, Y., et al. (2021). Technology of Location Hiding by Spoofing the Mobile Operator IP Address, IEEE International Conference on Information and Telecommunication Technologies and Radio Electronics, 22–25. https://doi.org/10.1109/UkrMiCo52950.2021.9716700
Shcheblanin, Y., et al. (2023). Research of Authentication Methods in Mobile Applications. In Cybersecurity Providing in Information and Telecommunication Systems, Vol. 3421, 266–271.
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Лариса Крючкова, Олександр Стеблина
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
