Is USB Malware In Your iPhone Chargers and E-Cigs?

by on November 25, 2014

in consumer

USB-A to micro USB-B cables

I do not know if you recall, but back in the day there was a mild threat of computer viruses coming with brand new, shrink wrapped software. It either came via cheapo software or from reputable software makers that had angry employees!

Well, here’s a twist on that theme:

I came across a piece that made note of how USB chargers are being used to spread malware to your computers. And that ain’t cool.

The guys that discovered it thought if they would make their findings public so that it would help companies create defenses against this kind of crap. And then again, they just gave out a “great” idea to the scum that create these kinds of e-evils.

Be it as it may, the issue noted in the article primarily addressed iPhones and how if you use a tampered charger, an Apple consumer could get malware installed on their device.

The fake chargers do charge the phone but they also have small computers that replace the transformers. Then your phone treats the charger as another computer and it starts responding to commands from the USB device.

The trick takes advantage of a developers backdoor to your phone.

Apple has included a fix of sorts in their iOS7 by having it ask users if they trust the presently connected computer. That should be a clue that if your phone is calling a charger a computer, that something is up. But that seems like a cheap fix, considering how users seemingly “just click yes” to get things rolling without reading the text of the alert window. (Trust me, I used to be a network admin.)

I also read in a different source that most of these chargers can be bought off of some store shelves or online due to how inexpensive they can be. And thus, alluring.

But wait, just in case you started thinking it was only in USB chargers, think again!

Malware has also been spotted in E-Cigarettes that have been manufactured in China. One of the first infections from an e-cigarette came from when an executive of a large corporation had a computer malware infection and his team of crack IT experts could not figure out the source of the nefarious code.

They could not figure it out at first until they started asking him non-IT question, like if his lifestyle had changed at all. When he said he quit smoking to take up e-cigarettes, well, that was the lead they were looking for. And that lead led them to the $5 e-cigarette the exec bought off of E-Bay.

And when the device was plugged into a USB charger, it did the rest.

There is still another trick where you might loan a USB stick to someone you (think you) know and when you get it back, guess what!?

On the same end of that spectrum, one obscure way to help prevent your own USB stick from being used against you is to paint a layer of Gorilla brand epoxy all over the outside of the device barring the actual ability to take it apart without showing the intrusion damage. The damage to the epoxy shell on your USB stick would apprise you that someone had tampered with it because the epoxy shell would have had to been broken into for your thumb drive to have been tampered with.

Experts say these various devices and tricks noted above are just the latest that hackers take advantage of to exploit our unknown weaknesses or blind trust in our consumer products. For example, other devices, I’m sure you’ve heard of over the years that came to the consumer infected off the shelf are e-picture frames, MP3 players and the like. You know… things you would plug into a USB port to charge, update or load with data.

Admittedly the odds of any of us encountering something insidious like this are pretty high, but these things are out there, and more and more make their way to market every day. And as sad of a statement as it is, if you are finicky about your virus protection and other measures you might take to keep your stuff from getting hit, you should not even trust the computers of your friends and family… unless they have an entire practice dedicated to keeping the evils of the world off their data. ┬áThen again, most people just wing it and hope for the best.

When you go to flea markets or find really cheap products online, are you sure you know what you are really buying or are in for?

It is kind of sad how these people can create such innovative methods of distilling viruses rather than working for legitimate companies and being a productive member of society, but so be it. Right?

References:

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: