This year at DEFCON 2011 the Aries Security company demonstrated a procedure by which a phone charging station can be used to copy all available information to the storage medium of that device. During the defcon conference security firm Aries has installed several portable charging stations to which many people connected their terminal. If the station was unused, a blue background appeared on its screen, but when someone charged the terminal, a message was displayed on the station's screen warning the user that that charging station could steal his data. Many users quickly disconnected their terminals upon seeing that message, some left the terminals careless and another said that the company he works for forbids employees to charge their phones from mobile charging stations.
We'd been talking about how dangerous these charging stations could be. Most smartphones are configured to just connect and dump off data," Markus said. "Anyone who had an inclination to could put a system inside one of these kiosks that when someone connects their phone can suck down all of the photos and data, or write malware to the device.
One guy that clearly seemed stressed and in a hurry to get his phone topped off said, 'I don't care, take my data, I need my phone charged to make a phone call! One attendee claimed his phone had USB transfer off and he would be fine. When he plugged it in, it instantly went into USB transfer mode," Markus recalls. "He then sheepishly said, 'Guess that setting doesn't work.
The idea behind this experiment is simple: most mobile terminals are configured to allow reading data when connected to a power source and a skilled hacker could install a server in the charging stations and with the help of some exploits could steal user data. If you have a jailbreak on iOS or root on Android, then your data can be taken without the slightest problem considering that your terminal offers everything "on the tray" when you connect it to the computer. Those without jailbreak have increased security, but a userland jailbreak can be easily implemented without the user knowing and the data can be immediately copied.
Even if you use these charging stations or not, even if you care or not that your data can be easily stolen, now at least you know what dangers you are exposing yourself to.
