(Check out some of my other hacks)
Everyone has cell phones. Everyone’s cell phones need to be charged. Don’t use that “free” charger you find plugged into the wall at a restuarant, shopping center, or airport.
If you do, all of your phone’s data could be deleted.
I recently started messing around with a thing called an OTG cable. The OTG cable lets you connect USB devices to your android phone.
Things like: A USB stick, a keyboard, a mouse
When I plugged a mouse into my phone I was quite surprised: It just worked.
I did not have to enable the mouse in my settings; it just appeared on my screen. A majority of android phones support this feature.
It got me thinking. What if instead of a mouse, I did this:
An arduino is a programmable device, and they come in a variety of sizes. Many models are small enough to hide in a cell phone charger.
Well, that allows for some interesting things (Visit this link to get the code that turns your arduino into a “Fake Mouse”). Now I can make macros, or programs, for my phone. I can send timed mouse movements and clicks, but what good is that?
I wanted to see if something like this could be dangerous.
I asked the question: “How difficult is it to completely erase my phone”
Well, if your phone does not have a password, it could range anywhere from 8-10 presses on your screen, that’s it.
If your phone is not password protected and you plug it into an unknown USB source, your phone can be erased in 8-10 mouse clicks.
This is how the arduino algorithm works:
Step 1: Detects that a USB connection is made
Step 2: A few Fake mouse commands are sent
Step 3… There is no step 3, your phone data has been deleted
Lets see how fast we can navigate and entirely erase a phone using this protocol
8 Seconds and the phone is wiped
Some phone providers will have their own menu configurations, and this can help protect against blind attacks like this. But if someone is intentionally trying to delete your phone’s data, than they could tailor the mouse commands to your specific model.
If your phone has a password, but your connect to the USB when your screen is unlocked, you are still at high risk. A hacker could: connect you an insecure network, delete all of your photos, make a copy of your contacts list, the list is endless.
How to fix this? First, put a password on your phone. Also, the next version of android should make it so that USB peripherals need to be turned on through the settings menu each time they are plugged in.
For questions regarding this hack send me emails at email@example.com
2 thoughts on “Android Hack- That “USB charger” might actually wipe your phone”
Couldn’t one argue that any standard operating system is insecure? Because if you plug something into a USB port that looks like a mouse but contains a macro of clicks and key presses you can do anything! The title of this article should be “Look at how cool macros can be”.
The difference is that a computer’s primary inputs are a mouse and keyboard, so it makes sense to not have this security in place. A cell phone has a touch screen for a primary interface. Therefore the user of the cellphone is able to approve the use of a mouse. All it needs to be is a “mouse connected, enable the mouse?” screen. Its a simple fix that covers a potentially large hole. We should move towards security