iOS and Android juice jacking defenses have been trivial to bypass for years

⁨19⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨week⁩ ago⁩ by ⁨leo@lemmy.linuxuserspace.show⁩ to ⁨news@lemmy.linuxuserspace.show⁩

https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/

Comments

Sort:hotnew top

fubarx@lemmy.world ⁨1⁩ ⁨week⁩ ago
If you plug in to charge your phone somewhere, and it asks you to ‘trust’ this device, just say NO.

Even worse: counterespionage.com/malicious-usb-cables/

If you want to try it yourself: counterespionage.com/malicious-usb-cables/

source
- tyler@programming.dev ⁨1⁩ ⁨week⁩ ago
  🎶Someone didn’t read the article 🎶
  
  The attacks then exploit various weaknesses in the OS that allow the charger to autonomously inject “input events” that can enter text or click buttons presented in screen prompts as if the user had done so directly into the phone. In all three, the charger eventually gains two conceptual channels to the phone: (1) an input one allowing it to spoof user consent and (2) a file access connection that can steal files.
  
  source