Juice Jacking Protections on iOS and Android Have Long Been Easy to Circumvent

Emerging Threat: ChoiceJacking Techniques Bypass Android and Apple Defenses

Recent cybersecurity findings underscore a concerning trend: three ChoiceJacking techniques bypass the mitigations Android added against juice jacking, and one of them also defeats Apple's. In these attacks a malicious charger acts as a USB host, triggers the confirmation prompt the phone shows before allowing data access, and then exploits a weakness in how the operating system handles input to answer that prompt itself.

The crux of the attack is the charger's ability to inject input events on its own, mimicking user actions such as taps and keystrokes. Holding two channels at once, one for input and one for data, lets the charger fake the user's consent while it opens a connection that can read and extract files from the phone. The charger can therefore gather personal data without the owner ever agreeing to anything.

In the variant that circumvents both Apple's and Google's safeguards, the charger first poses as a USB keyboard and sends simulated key presses to navigate the operating system's user interface. These keystrokes can drive fairly involved actions, such as opening settings menus or starting a Bluetooth pairing, while looking to the phone like ordinary user input. Using the USB Power Delivery standard, the charger negotiates data roles with the phone and can swap itself from a plain power source into a USB host, and back again.

Once it becomes the USB host, the charger can trigger the phone's dialog asking whether to allow data access over the connection. Because it has also paired itself as a Bluetooth keyboard, it can approve that very request, so the permission is granted without the user doing anything. The full sequence is laid out step by step in a recent Usenix paper.

The sequence runs as follows. The victim's phone is connected to the malicious charger while its screen is unlocked. The charger performs a USB Power Delivery Data Role Swap, so the phone becomes the USB host and the charger becomes a USB input device. Through that input device the charger makes sure Bluetooth is on, opens the pairing screen so the phone becomes discoverable, and starts advertising itself as a Bluetooth input device; when it spots the phone, it initiates pairing and uses its USB keyboard to accept the pairing prompt on the phone's screen. It then performs a second Data Role Swap, becoming the USB host again with the phone as the USB device, opens a data connection, and uses the now-paired Bluetooth keyboard to confirm the resulting data-access prompt.

In the researchers' testing, the technique worked on ten of the eleven smartphone models tried; the one exception was an Android device running Vivo's Funtouch OS, which does not fully support USB Power Delivery. The sequence typically takes 25 to 30 seconds, after which the attacker has read and write access to files on the phone for as long as the charger stays connected.
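To make the two-channel dependency in that sequence concrete, the following Python model replays it as messages between a charger and a phone. This is a constructed illustration added here, not the researchers' tooling or any real device code: the Phone and Charger classes, the action names, and the `builtin_touch_only` policy are assumptions made for the example. The policy is a hypothetical mitigation (consent dialogs accept only the built-in touchscreen), included to show which step a source check on consent input would break; the model also shows why the attack needs the screen unlocked.

```python
"""Model of the ChoiceJacking role-swap sequence (constructed illustration).

Assumptions: a phone on a charger starts as the USB device; a USB HID can
only reach the phone while the phone is the USB host; a Bluetooth HID can
only send input once paired. `builtin_touch_only` is a hypothetical policy,
not a shipped OS feature.
"""
from dataclasses import dataclass, field
from enum import Enum


class UsbRole(Enum):
    HOST = "host"
    DEVICE = "device"


# Actions that answer a consent dialog (pairing prompt, USB data-access prompt).
CONSENT_ACTIONS = {"accept_bt_pairing", "accept_usb_data"}


@dataclass
class Phone:
    unlocked: bool = True
    usb_role: UsbRole = UsbRole.DEVICE
    bt_discoverable: bool = False
    paired_hids: set = field(default_factory=set)
    usb_data_requested: bool = False
    usb_data_granted: bool = False
    builtin_touch_only: bool = False   # hypothetical mitigation (assumption)
    log: list = field(default_factory=list)

    def input_event(self, source: str, action: str) -> bool:
        """Deliver one input event; return True if the phone acted on it."""
        if not self.unlocked:
            return self._drop(source, action, "screen locked")
        if source == "usb-hid" and self.usb_role is not UsbRole.HOST:
            return self._drop(source, action, "phone is not the USB host")
        if source == "bt-hid" and "charger" not in self.paired_hids:
            return self._drop(source, action, "no paired Bluetooth HID")
        if (action in CONSENT_ACTIONS and self.builtin_touch_only
                and source != "touchscreen"):
            return self._drop(source, action, "consent needs built-in touch")
        return self._apply(source, action)

    def _drop(self, source: str, action: str, why: str) -> bool:
        self.log.append(f"drop {action} from {source}: {why}")
        return False

    def _apply(self, source: str, action: str) -> bool:
        if action == "enable_bt_discoverable":
            self.bt_discoverable = True
        elif action == "accept_bt_pairing":
            if not self.bt_discoverable:
                return self._drop(source, action, "no pairing dialog shown")
            self.paired_hids.add("charger")
        elif action == "accept_usb_data":
            if not (self.usb_role is UsbRole.DEVICE and self.usb_data_requested):
                return self._drop(source, action, "no USB data dialog shown")
            self.usb_data_granted = True
        else:
            return self._drop(source, action, "unknown action")
        self.log.append(f"ok   {action} from {source}")
        return True


class Charger:
    """Malicious charger: USB PD data role swaps plus USB and Bluetooth HID."""

    def data_role_swap(self, phone: Phone) -> None:
        # USB PD DR_Swap: host and device exchange roles; any data session ends.
        phone.usb_role = (UsbRole.DEVICE if phone.usb_role is UsbRole.HOST
                          else UsbRole.HOST)
        phone.usb_data_requested = False

    def run(self, phone: Phone) -> bool:
        if not phone.unlocked:
            return False
        self.data_role_swap(phone)                           # phone -> host, charger -> USB HID
        phone.input_event("usb-hid", "enable_bt_discoverable")
        if not phone.input_event("usb-hid", "accept_bt_pairing"):  # USB keyboard answers pairing
            return False
        self.data_role_swap(phone)                           # charger -> host, phone -> device
        phone.usb_data_requested = True                      # host opens data connection -> prompt
        phone.input_event("bt-hid", "accept_usb_data")       # Bluetooth keyboard answers prompt
        return phone.usb_data_granted


def run_attack(builtin_touch_only: bool = False, unlocked: bool = True) -> Phone:
    phone = Phone(unlocked=unlocked, builtin_touch_only=builtin_touch_only)
    Charger().run(phone)
    return phone


if __name__ == "__main__":
    for policy in (False, True):
        p = run_attack(builtin_touch_only=policy)
        print(f"builtin_touch_only={policy}: data access granted = {p.usb_data_granted}")
        print("\n".join("  " + line for line in p.log))
```

Running the script shows the unmitigated phone granting data access via the Bluetooth channel, and the hypothetical source check dropping the pairing acceptance from the USB keyboard, which leaves the charger with no second channel for the final prompt.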

Mapped to the MITRE ATT&CK framework, ChoiceJacking is an initial-access technique delivered through a malicious hardware addition, and it relies on spoofed user interaction rather than a software exploit: no privilege is escalated, the charger simply supplies the consent the operating system expects from the user. It is not persistence in the ATT&CK sense either, since the file-system access lasts only while the charger is plugged in. Even so, the consequences of a successful attack are serious, and they highlight the need for awareness and practical controls in both business and personal settings.

In light of these findings, business owners in particular should set clear rules for connecting company devices to unknown USB ports and chargers, and make employees aware of the risks of public charging stations. Because the attack needs an unlocked screen, keeping the phone locked while it is plugged into an untrusted port, or simply carrying one's own charger, removes the opportunity. As cyber threats continue to evolve, such proactive measures remain the most reliable way to protect sensitive data.
