Android Hack- That “USB charger” might actually wipe your phone

(Check out some of my other hacks)

Everyone has cell phones. Everyone’s cell phones need to be charged. Don’t use that “free” charger you find plugged into the wall at a restuarant, shopping center, or airport.

If you do, all of your phone’s data could be deleted.

Here’s why:

I recently started messing around with a thing called an OTG cable. The OTG cable lets you connect USB devices to your android phone.

Things like: A USB stick, a keyboard, a mouse

Phone OTG Mouse.png

When I plugged a mouse into my phone I was quite surprised: It just worked.

I did not have to enable the mouse in my settings; it just appeared on my screen. A majority of android phones support this feature.

It got me thinking. What if instead of a mouse, I did this:

Phone OTG Arduino.png

An arduino is a programmable device, and they come in a variety of sizes. Many models are small enough to hide in a cell phone charger.

Well, that allows for some interesting things (Visit this link to get the code that turns your arduino into a “Fake Mouse”). Now I can make macros, or programs, for my phone. I can send timed mouse movements and clicks, but what good is that?

I wanted to see if something like this could be dangerous.

I asked the question: “How difficult is it to completely erase my phone”

Well, if your phone does not have a password, it could range anywhere from 8-10 presses on your screen, that’s it.

If your phone is not password protected and you plug it into an unknown USB source, your phone can be erased in 8-10 mouse clicks.

This is how the arduino algorithm works:

Step 1: Detects that a USB connection is made

Step 2: A few Fake mouse commands are sent

Step 3… There is no step 3, your phone data has been deleted

 

Lets see how fast we can navigate and entirely erase a phone using this protocol

8 Seconds and the phone is wiped

Some phone providers will have their own menu configurations, and this can help protect against blind attacks like this. But if someone is intentionally trying to delete your phone’s data, than they could tailor the mouse commands to your specific model.

If your phone has a password, but your connect to the USB when your screen is unlocked, you are still at high risk. A hacker could: connect you an insecure network, delete all of your photos, make a copy of your contacts list, the list is endless.

How to fix this? First, put a password on your phone. Also, the next version of android should make it so that USB peripherals need to be turned on through the settings menu each time they are plugged in.

For questions regarding this hack send me emails at banmeihack@gmail.com

Advertisement

2 thoughts on “Android Hack- That “USB charger” might actually wipe your phone

  1. Couldn’t one argue that any standard operating system is insecure? Because if you plug something into a USB port that looks like a mouse but contains a macro of clicks and key presses you can do anything! The title of this article should be “Look at how cool macros can be”.

    Like

    Reply

    1. The difference is that a computer’s primary inputs are a mouse and keyboard, so it makes sense to not have this security in place. A cell phone has a touch screen for a primary interface. Therefore the user of the cellphone is able to approve the use of a mouse. All it needs to be is a “mouse connected, enable the mouse?” screen. Its a simple fix that covers a potentially large hole. We should move towards security

      Like

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s