Your Android phone could be hijacked in the blink of an eye (literally) next time you plug it into a public charger.
Security experts at NprdVPN, the brand behind one of the best VPN deals, have uncovered a sophisticated new cyberattack that can seize control of your device in just 133 milliseconds — faster than the human eye can blink.
This emerging threat, known as choicejacking, is an innovative way to bypass permissions without your active consent. Cybercriminals have developed methods to bypass the protective measures that smartphone makers have built into their devices, making it much easier to hack into your Android device.
If successful, crooks can trick your phone into granting full data access without your knowledge or permission. While you think you’re just topping up your battery, hackers could be rifling through your photos, contacts and personal files.
“Choicejacking is particularly dangerous because it manipulates a device into making decisions users never intended, all without them realising it,” warns Adrianus Warmenhoven, a cybersecurity advisor at NordVPN. He emphasises that these attacks exploit the everyday trust you place in your smartphone interactions.
GETTY IMAGES
|
When you unknowingly plug your phone into a disguised charging dock, harmful malware can be transferred to your phone
So, how exactly does this sneaky attack work?
When you connect your phone to what appears to be an innocent charging point, the malicious device masquerades as a legitimate USB or Bluetooth accessory. It then exploits your phone’s system to automatically activate data-transfer or debugging modes. This is what puts the harmful malware onto your device.
The alarming part, though, is the speed. The entire attack completes before you’ve even noticed anything unusual. Your device essentially makes choices on your behalf, granting the fake charging station complete access to your stored information.
UNSPLASH
|
You might think you’re topping up your battery, but crooks could be accessing your photos and data
What makes choicejacking particularly harmful is that it sidesteps the safety prompts that normally appear when connecting to unfamiliar devices. For example, you might’ve seen a pop-up on your phone or tablet before when connecting to a new cable asking if you “trust the device.”
The attackers have found clever ways to manipulate your phone’s systems into bypassing these protective barriers entirely.
Warmenhoven warns against the use of publicly available equipment because it’s difficult to know its true place of origin. He stated: “Public USB ports should never be treated as safe, and awareness is the first line of defence.”
Before choicejacking began, hackers were already using tricks to mess with people’s decisions. Some used dark patterns, like fake messages or pop-ups that made people click the wrong thing.
Others used clickjacking, where a person clicks on something that looks safe but secretly gives the hacker control. There was also nudging, where hackers made one choice look safer or easier, even though it was a trap.
|
You can activate “charge only” mode on your Android phone, which creates an additional protective barrier against data theft
Here’s how you can shield yourself from this digital pickpocketing:
- Ensure your phone’s operating system stays current with the latest security updates – these updates often minimise the risks that hackers use to gain access to your phone.
- Avoid letting your battery drain below 10% regularly, which reduces those desperate moments when you’ll plug into any available port.
- Invest in a portable power bank – it’s your safest charging companion because you know its origin.
- When you must use public charging, opt for wall sockets with your adapter and cable rather than built-in USB ports at airports or hotels. The built-in ports are what have been increasingly compromised by fraudsters.
- Android users should activate “Charge only” mode where available. This action creates an additional protective barrier against data theft.
You can activate “Charge Only” mode by following these four steps:
- Connect your phone to a charger
- Swipe down to access the notification shade. A notification like “Charging this device via USB” or “USB for file transfer” will appear
- Tap the USB notification, which opens a menu with USB preferences
- Select “Charge only” or “Charging phone only” to protect your device
LATEST DEVELOPMENTS
