|
Juice jacking is a term used to describe a cyber attack where wherein malware might be installed on to, or data surreptitiously copied from, a smart phone, tablet or other computer device using a charging port that doubles as a data connection, typically over USB. == Published Research == The Wall of Sheep, an event at Def_Con has set up and allowed public access to an informational juice jacking kiosk each year at DefCon since 2011. Their intent is to bring awareness of this attack to the general public. Each of the informational juice jacking kiosks set up at the Wall of Sheep village have included a hidden CPU which is used in some way to notify the user that they should not plug their devices in to public charging kiosks. The first informational juice jacking kiosk included a screen which would change from "Free charging station" to a warning message that the user "should not trust public charging stations with their devices". One of the researchers who designed the charging station for the Wall of Sheep has given public presentations which showcase more malicious acts which could be taken via the kiosk, such as data theft, device tracking and information on compromising existing charging kiosks. Security researcher Kyle Osborn released an attack framework called P2P-ADB in 2012 which utilized USB On-The-Go to connect an attacker's phone to a target victim's device. This framework included examples and proof of concepts which would allow attackers to unlock locked phones, steal data from a phone including authentication keys granting the attacker access to the target device owner's google account. Security researcher graduates and students from the Institute of Technology Georgia released a proof of concept malicious tool "Mactans" which utilized the USB charging port on Apple mobile devices at the 2013 Blackhat USA security briefings. They utilized inexpensive hardware components to construct a small sized malicious wall charger which could infect an iPhone with the then-current version of iOS with malicious software while it was being charged. The software could defeat any security measures built into iOS and mask itself in the same way Apple masks background processes in iOS. Security researchers Karsten Nohl and Jakob Lell from srlabs published their research on BadUSB during the 2014 Blackhat USA security briefings. Their presentation on this attack mentions that a cellphone or tablet device charging on an infected computer would be one of the simplest method of propagating the BadUSB vulnerability. They include example malicious firmware code that would infect Android devices with BadUSB. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Juice jacking」の詳細全文を読む スポンサード リンク
|