Video jacking – hopefully not coming to a phone charging point near you

Graham Cluley

Hdmi thumb

Video jacking - hopefully not coming to a phone charging point near you

Krebs on Security writes:

Dubbed “video jacking” by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station. As soon as you connect a vulnerable phone to the appropriate USB charging cord, the spy machine splits the phone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in — including PINs, passwords, account numbers, emails, texts, pictures and videos.

We know about the risks of having your devices hacked by malicious chargers, and of juice jacking where you plug your phone in for a quick power boost at a kiosk at a shopping centre, hotel lobby or airport, only to have your data snarfled.

But video jacking seems like yet another novel way to grab information from HDMI-ready smartphones.

Is there a widespread risk of this happening? Almost certainly not. But it’s still wise for smartphone users to take care over where they plug in their devices. Consider bringing your own USB charger on trips, and use that to plug into an power socket when your phone’s battery life is running low.

And manufacturers clearly could do more to display an obvious notification to users when HDMI output is enabled, warning of potential dangers.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 Replies to “Video jacking – hopefully not coming to a phone charging point near you”

  1. Is it not the case for iphones that you will be asked if you trust the connection before any data is accessed by the USB cable? And does the default configuration not allow access to the screen (video) output?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES