Many of us out there borrow chargers from friends when we run out of juice. When outdoors for longer periods, we tend to buy a second charger for ourselves so that we don’t lose the original charger of the smartphone and can leave it back safely at home. So you head out to the open market and opt for the cheapest charger out there. But hold on, you could be in trouble with the charger you just bought. The charger could be rigged with a simple circuit like an Arduino.
An Arduino, a very simple digital electronics board, can be programmed to do various stuff, can ruin your life. In what way you may ask—programming it to be used as a data collector. An Arduino is a very simple programmable chip and can be designed to do a lot more than just simple computing. With an Arduino, one can control other devices by simple communication standards over a USB connection. When connected to an Android smartphone over a USB OTG connection, you can program it to do various tasks. If this programming is done by a hacker, you should know the havoc he or she could do with your data. If you have USB Debugging disabled, you could be relatively safer. However, hackers are smart enough and could manage to bypass this feature to enable USB debugging and enable OTG and application installations to steal your data.
The FBI advisory has told Ars Technica that there is a threat to many ignorant smartphone users around the world. And this threat comes in as a simple, innocent and harmless smartphone charger.
The FBI officials have warned the private industry partners to be on the lookout for highly stealthy keylogging devices that can sniff passwords and also tap into wireless keyboards. These keyloggers can be a hardware or even a software installed on your phone. The keylogger is able to record every keystroke you type on your device. In an almost year-old information, the FBI had also released a private industry notification that a hacker managed to show his skills by tweaking a branded wireless keyboard and tap into sensitive information of PCs and smartphones.
Similarly, the warning comes in as many people opt for third-party chargers, wall mounted or car chargers, which could be implemented with chips similar to an Arduino. These chargers when connected to your smartphone, actually connect with OTG connections and manage to either install malware apps on your smartphone or simply run a keylogging software to transmit the sensitive information from your phone to the hacker’s servers.
KeySweeper is a simple $10 USB charger in disguise that can steal passwords from nearby devices that do not have strong cryptography to encrypt the data transmitted between a keyboard and the computer. The charger is able to sniff or eavesdrop on the radio signals from wireless keyboards and log keystrokes too. The sniffing circuitry runs when the charger is powered from the mains and can also run silently when the mains is put off as it contains a small built-in battery. The guts of the hardware is an Arduino or Teensy microcontroller and an nRF24L01+ radio frequency chip.
Make sure you buy original accessories or third-party accessories from renowned brands only.