“An inexpensive Android hacking tool can create a covert communications channel in the power current generated while a smartphone charges on a power bank. The so-called ‘PowerSnitch’ attack, which was demonstrated here this week by Oxford University researcher Riccardo Spolaor, shows that a determined hacker doesn’t actually need a network connection to hack a targeted smartphone and steal stored data such as passwords. Public power banks, and even private power bank devices, are vulnerable to the attack – which works even when the phone is equipped with a data-blocker device for protecting the data pin in the phone’s power port. PowerSnitch consists of both the app and a £17 (US $23.64) decoder device that translates the power signal via GNURadio to the data it siphons. The data exfiltration rate is low, at around 2 bits per second, he said, due to the power burst delay in the charging process. PowerSnitch, in effect, ‘turns the smartphone into a telegraph’ that grabs the binary information from the current, he said. ‘It’s using only the surplus current, so it doesn’t affect the battery recharging,’ he said. Protecting an Android phone from such an attack via tampered power banks is really simple: Just power off the phone when charging it.”
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.