Jailbroken Devices Compromised By Charging Stations

mask.of.sanity writes "Data can be stolen from Windows, Android and Apple devices by unassuming power charging towers. In an attack demonstrated at the Defcon hacking conference, mobile phone charging units were rigged to pull data from phones plugged into them. Researchers found many jailbroken and modified devices activated USB functions when they were plugged in, or simply rebooted."

Er... how can Android be jailbroken

[Anonymous Coward]

Nitpicking here... An iPhone that is jailbroken has its security compromised where anything is possible via the USB connection. However, an Android device that has root still has its security mechanisms 100% intact unless someone automatically checks "yes" everytime the su dialog pops up, or has a really craptastic ROM.

Yes, some ROMs might allow for a root prompt to allow a hacked charger to slurp data via ADB, but this can be easily disabled by just turning debug mode off.

Re:Er... how can Android be jailbroken

[pruss]

1. Moreover, there is quite a bit you can do with adb even without root: the adb shell normally gets privileges that are higher than those ordinary non-system Android apps get, though lower than full root privileges. (E.g., you can silently install and deinstall arbitrary apps from an adb shell.) So keeping debug on and plugging into untrusted devices is probably not such a great idea, whether the device is rooted or not. Moreover, if debug is on, then even if the device isn't rooted, an attacker can often just silently install an app that roots the device via whatever vulnerability roots a given device, and then get full root privileges.

2. The Superuser app that I use can be set so that it remembers su permissions after the first time one is asked and doesn't ask again if the same app requests the permission (technically, it will ask again if the app requests the permission in connection with another su command, but most root-using apps just request permission for an su shell, and then do their work in the shell). I keep that setting active, since I do things that require root so often (my SuperDim app to dim the display below what the OS normally allows for use at night; on boot setting the exec permission on my SD card so I can move app libraries to it; adjusting CPU governor settings; using my Force2SD app to move recalcitrant apps to SD; running a script to do a tar backup of all of /data; etc.). It would be a real nuisance to be constantly prompted. But there is an obvious security cost to the convenience. I am willing to accept that cost, especially since I currently use only two root-based apps that I didn't write myself, and I think they are trustworthy apps. So only two apps that I didn't write have the silent su authorization enabled.

Re:Hmm

[Em Adespoton]

Tell me this... does this amazing OS of yours alert you when you plug in a new USB keyboard? Because some of the USB sticks people find on the ground have both a flash memory partition and a fake keyboard interface that sends key commands in a predefined manner.

I'm all for OSes that fingerprint all your USB devices and require you to validate each function of each interface the first time presented, but even OpenBSD doesn't do this by default.