From family photos to work emails to bank accounts to health stats, you have a world of personal information at your fingertips. As such, the last thing you want is your smartphone – and all of your data – falling into the wrong hands. But a new, extremely subtle scam could do this to you.
There’s one accessory that all smartphone owners have – and share – from time to time. In fact, you probably wouldn’t think twice about using a friend’s or even a stranger’s if they offered it to you. And furthermore, you might find free ones to use at coffee shops, airports, shopping malls and other communal spots.
We’re talking, of course, about a phone charger. So on that note, when’s the last time you used one that wasn’t yours? As it turns out, though, you should pause before using any charging cable that doesn’t belong to you. Because a new scam revolves around the accessory, which means that a rogue charger can put your data at risk.
Now, even before scamming became an issue, charging cables have come with warnings. Your device likely arrived with a brand-authorized cable with which to charge it. But if you’ve ever purchased a replacement from another provider you could be putting yourself in danger, and not even in the realm of hacking.
For you see, tech companies put their charging cables together with international safety standards in mind. However, cheaper versions that you can buy online might not come with the same guarantees. In other words, there’s a reason why a knock-off charging cable costs a fraction of the brand-authorized version.
These faulty charging cables don’t just show up online, either. No, they can pop up in markets or small shops, where retailers have purchased the cheap chargers in mass quantities. On the other hand, major chain stores will go through official channels and work with brands directly, ensuring they have safe cables.
Now, the problem with mass-produced, generic chargers is that they don’t always suit your phone’s charging specifications. Of course, a branded cable will provide just the right amount of energy to your device. But a cheaper, off-brand version might jolt your phone with two much power, overheating the battery.
Similarly, a fraying cable can also overheat the battery, and an extra-hot power pack can put you at a huge risk. Sometimes, too much heat can set your phone ablaze, a particularly dangerous side effect if you choose to charge your device overnight. Taking this into account, the Dublin Fire Brigade took to Facebook to warn homeowners about the fire risk.
Yes, brigade sub officer Darren O’Connor spoke to The Irish Times in October 2019 about the dangers of faulty wires in charging. And he said, “We have been called to fires in bedrooms [and] living rooms that have started due to charging portable devices. It is a risk now where 15-20 years ago it wouldn’t have been an issue.”
Furthermore, journalist Ciara O’Brien, who wrote for The Irish Times, had a scare of her own with a faulty charger. As she went on to explain, “It happened, like most accidents do, in a split second. One second the phone was charging; the next there was a spark from the cable and a small flame.”
But while O’Brien had the good fortune of being awake when her phone charger lit up, others have suffered massively after leaving a dysfunctional cable unsupervised. For example, in May 2014 police in Sheffield, England, blamed “a faulty charging device” for a fire that killed five members of the same family, according to the BBC.
Another danger of overnight charging concerns where the phone is left to charge. In November 2018 the Newton, New Hampshire, Fire Department took to Facebook to warn followers not to leave their charging phones on their beds. According to their post, more than half of young people were guilty of doing so.
The fire department’s post said, “Research has revealed that 53 percent of children/teens charge their phone or tablet either on their bed or under their pillow. This can be extremely dangerous. The heat generated cannot dissipate and the charger will become hotter and hotter. The likely result is that the pillow/bed will catch fire.”
And fraying or exposed wires inside of your charger present yet another risk to you. You see, the thick material that encases these wires has a purpose – it protects you from touching the electrified strands inside. As such, once your charger starts fraying, you might accidentally touch a charged wire and burn or shock yourself.
Now, such a wire doesn’t just put the phone charger’s main user at risk. Perhaps your pet brushes up against the charger, or your young child grabs it, not knowing it’s fraying and risky. In short, a bad charger could cause harm to another member of your family – and even if it’s not life-threatening, it still hurts.
Finally, there’s the risk of damaging your device with a bad charger, too. As previously mentioned, a low-quality charging cable can deliver too much power to a device. But a frayed set of wires can be equally destructive. They could both send waves of power into your phone, thus frazzling the interior components and rendering your phone useless.
For all of these charger-centric issues, experts have solutions to keep you safe from fire, electric shock and device damage. For starters, do your research before buying a cable – your best bet is purchasing directly from the manufacturer of your phone. Also, you can even find third-party chargers authorized by Apple, Samsung and other major smartphone brands.
Furthermore, the National Fire Protection Association (NFPA) told the Today show in 2018 that smartphone users should only pair their official charging cable with the battery built for that particular phone. It’s worth flipping through your device’s manual, too, to make sure you know how to power up properly.
Last but not least, the location where you charge your phone is important, too. For example, placing your phone in the sun while it’s powering up can cause it to overheat. The NFPA’s Susan McKelvey added, “Generally, smartphones should be charged in locations that allow for adequate ventilation so they don’t overheat. Charging them under a pillow, on a bed or on a couch doesn’t allow for this.”
On top of all that, there’s a new phone charger-centric danger with which you have to contend. Indeed, the head of X-Force Red at IBM Security, Charles Henderson, gave his advice to Forbes in August 2019. And he began by saying, “There are certain things in life that you just don’t borrow.”
That’s right, and Henderson gave an example of what he meant. He said, “If you were on a trip and realized you forgot to pack underwear, you wouldn’t ask all your co-travelers if you could borrow their underwear. You’d go to a store and buy new underwear.” And he felt the same way about another item – phone chargers.
You see, Henderson’s post at IBM Security had him overseeing a team of hired hackers. Here, clients paid them to try and break into their computer systems to highlight any weaknesses. Now, though, hackers have more than one method of infiltrating devices – they can hide malware within cables, which loads onto plugged-in devices.
Furthermore, a security researcher who goes by the initials M.G. told Vice’s Motherboard that, for all intents and purposes, these compromised cables look normal. He said, “It looks like a legitimate cable and works just like one. Not even your computer will notice a difference. Until I, as an attacker, wirelessly take control of the cable.”
And Motherboard writer Joseph Cox tried out the implanted cable and said it functioned just as a charging cable would. He wrote, “My iPod started charging, iTunes detected the device, and my iPod produced the pop-up asking if I wanted to trust this computer. All expected behavior.” Nevertheless, the compromised charger had already gotten to work.
Yes, Cox suddenly observed how the cable opened his devices up to hackers. He wrote, “A hacker remotely opened a terminal on my Mac’s screen, letting them run commands on my computer as they saw fit.” Security specialist M.G. then explained to Cox how the cable had so swiftly – and secretively – hacked into his device.
According to M.G., the fake cable came with an IP address, and he could access it through his phone. Then, the browser revealed a list of options available to a potential hacker. As M.G. put it, “It’s like being able to sit at the keyboard and mouse of the victim but without actually being there.”
Not only that, but the hacker would have the option to shut down the implant remotely, erasing the trail that could lead back to them if the device is discovered. Perhaps even more surprising was the fact that M.G. was able to make the hacking devices all by himself – by hand.
Still, Henderson did tell Forbes that compromised charging cables weren’t too big of a threat – yet. He explained that charger-based hacking hadn’t taken off “mainly because this kind of attack doesn’t scale real well, so if you saw it, it would be a very targeted attack.”
And yet, Henderson said it couldn’t hurt to be prepared, considering charging cable-centric hacking could take off in the future. The IBM Security head said, “Just because we haven’t yet seen a widespread attack doesn’t mean we won’t see it, because it certainly does work.” There were other reasons why more hackers might start using the method, too.
As Henderson went on to explain to Forbes, “The technology is really small and really cheap. It can get so small that it looks like an ordinary cable but has the capability and the intelligence to plant malware on its victim. These things are only going to get cheaper to produce and it’s not something your average consumer is going to be tracking to know when it becomes viable on a mass scale.”
Until charging cable implants take off, though, Henderson said anyone with a smartphone should be wary of USB charging stations. Now, they tend to appear in communal spaces, such as airport terminals. And they can easily be compromised, too, affecting countless people who plug in when they’re in a pinch.
Indeed, Henderson said he had already seen examples of a USB-centric hack job. He described, “We’ve seen a couple of instances where people modified charging stations. I’m not talking about an electrical outlet, I’m talking about when there’s a USB port on a charging station.”
As such, the IBM expert said diligence is key for smartphone users on the go. And even if you’re in desperate need of a charge, think twice about using a power source that’s not your own. He told Forbes , “Being careful about what you plug into your devices is just good tech hygiene.”
To hammer that point home, Henderson continued, “Think of it in the same way that you think about opening mail attachments or sharing passwords. In a computing context, sharing cables is like sharing your password, because that’s the level of access you’re crucially conveying with these types of technology.”
And the expert’s take on charging security didn’t stop there. You see, he also highlighted the chargers that many hotels keep at the front desk as a convenience to guests. Yes, Henderson advised against using those, too, saying, “If the front desk had a drawerful of underwear, would you wear those?”
For now, though, there are still a few things which mean the risk is not as high as it could be. For one thing, M.G. told Vice that he’d have to be in relatively close proximity to hack into a person’s phone once they plug in the charging cable. He said, “I’m currently seeing up to 300 feet with a smartphone when connecting directly.”
But the risk goes up if the hacker has a stronger antenna, giving them greater distance to hide well they hack. Or, they can set up the implant “to act as a client to a nearby wireless network,” M.G. said. If there’s an internet connection to the network, then, he said, “The distance basically becomes unlimited.”
Not all phones are as easy to hack, though. Yes, M.G. pointed out that he struggled to place implants within one brand’s chargers specifically. He said, “Apple cables are simply the most difficult to do this to, so if I can successfully implant one of these, then I can usually do it to other cables.”
Even if you’re an Apple user, you might still want protection against potential hackers. If so, start by bringing your own charger with you whenever you travel, including both the plug and cable. And if you must use someone else’s charger, look out for one huge red flag. Fast Company’s Sean Captain wrote in November 2019, “When you plug into anything that can access data, such as a computer, iOS will ask you if you want to ‘trust’ the device. If you see that alert, unplug immediately.”
Sometimes, though, you might not have access to a wall plug or a stranger’s charger cable. If so, you may be tempted to plug into a communal USB charger. Save yourself from that danger, too, by carrying your own mobile power bank, which you can plug into and power up from anywhere.