Skip to main content
News Directory 3
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Menu
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Choicejacking: Bypassing USB Lock on Android & iOS - News Directory 3

Choicejacking: Bypassing USB Lock on Android & iOS

April 30, 2025 Catherine Williams Tech
News Context
At a glance
  • ⁢While wireless data transfer has become commonplace, many smartphone users ⁤still rely on USB connections for charging via chargers, cars,‍ or laptops.
  • ⁢ ⁢The threat of malicious‍ chargers compromising devices, known as "Juice jacking," isn't‍ new.⁢ Security journalist Brian Krebs popularized ‍the ⁣term in‍ 2011, referencing a presentation at the...
  • In response⁢ to the initial ⁤"Juice Jacking"⁢ threat, Apple and Google implemented safeguards, including warning prompts and confirmation dialogs when new USB devices are connected.
Original source: heise.de

ChoiceJacking: Researchers Bypass Mobile Defenses with Novel USB Attack

⁢While wireless data transfer has become commonplace, many smartphone users ⁤still rely on USB connections for charging via chargers, cars,‍ or laptops. Security researchers have uncovered a complex method to exploit these USB connections ⁢to extract data from devices,despite existing security measures.

The Evolution of Juice Jacking

⁢ ⁢The threat of malicious‍ chargers compromising devices, known as “Juice jacking,” isn’t‍ new.⁢ Security journalist Brian Krebs popularized ‍the ⁣term in‍ 2011, referencing a presentation at the ‍Defcon 19 hacker conference where public charging stations were rigged to display warning messages on connected smartphones.
⁢ ⁢

Countermeasures and Their Shortcomings

In response⁢ to the initial ⁤”Juice Jacking”⁢ threat, Apple and Google implemented safeguards, including warning prompts and confirmation dialogs when new USB devices are connected. They also patched security vulnerabilities in⁣ their mobile operating systems to prevent ⁣malware spread through this method.
⁢ ⁢

ChoiceJacking: A New Attack⁣ Vector

researchers Florian⁣ Draschbacher and Lukas Maar ⁣from TU graz in Austria have discovered a new technique, dubbed “ChoiceJacking,” that can circumvent some of these defenses. Their method leverages a fake Bluetooth⁤ input device to⁢ manipulate the⁣ USB connection process.
⁣

⁢⁣ ‍ According to their findings, while iOS and Android ⁤prevent a newly connected USB device from immediately⁣ accessing data, the researchers found a way to bypass this⁢ restriction.
‍

Draschbacher and Maar⁢ exploited this by establishing a Bluetooth connection to ⁣a prepared input device. This device then initiates a USB data query in a fraction ⁣of a second,effectively ‍”hijacking” ⁣the user’s ⁤choice to allow or deny the connection. this is⁤ facilitated by the USB ⁢Power Delivery (PD) mode,which allows for flexible role-switching ‍between the charging device and the host device.

Diagram⁤ of a malicious ChoiceJacking charger
Diagram illustrating the setup of a malicious USB charger used⁣ in a ⁢ChoiceJacking attack. (Image: ⁤Draschbacher, F., Maar, L., oberhuber, M., & Mangard, S. (Accepted/In press). ChoiceJacking: Compromising Mobile Devices through Malicious chargers like a⁤ Decade ago. ‍In Usenix Security Symposium 2025)

Limitations and User Interaction

⁢ ‍ ⁣ The‍ “ChoiceJacking” technique isn’t foolproof. It requires the smartphone screen to be unlocked and is ⁢ineffective when the device ⁢is in a “Before First Unlock” (BFU) state. Though, the researchers noted that users frequently enough interact with their phones while charging, making them less likely to notice the brief⁤ popup window (lasting only 0.07 seconds in their tests)⁢ and prevent the attack.
⁢

Patching the Gaps:⁣ Updates and Vulnerabilities

The TU Graz researchers discovered that devices ⁤from Samsung,Xiaomi,and Huawei,in addition to apple and Google devices,were susceptible to “ChoiceJacking.” Some devices remain vulnerable ⁤due to delayed updates. Furthermore, not all vulnerabilities have been addressed in android 15, with some fixes perhaps slated ‍for a future version.

apple’s iOS 18.4 includes patches addressing USB implementation vulnerabilities and introduces an additional security measure. Users are now required to unlock their devices with ⁤a PIN or‍ biometric authentication ‍to authorize USB data transfer.

⁤ ⁢ ⁤ Draschbacher suggests that the slow response to patching these vulnerabilities stems from a basic issue within the USB trust model of mobile operating ⁤systems, rather than simple programming errors.

As a temporary safeguard, users can employ a USB data blocker, an intermediary device that physically interrupts data connections.

Draschbacher and Maar presented their “ChoiceJacking” research at Black Hat Asia and at the Usenix Security Symposium.

choicejacking: Understanding the New Threat to Your Smartphone

Are you concerned about ⁣the ‍security of your smartphone when you⁣ plug it in to charge? You’re not⁣ alone. Security researchers have discovered a new attack method called “ChoiceJacking” that exploits USB connections to potentially access your data. Let’s dive into the details.

What is⁢ ChoiceJacking?

choicejacking is a⁢ new type of cyberattack that exploits vulnerabilities in how smartphones handle USB ⁣connections. It allows attackers to bypass security measures and potentially extract data from your device when⁣ it’s plugged into ‍a malicious charger.

How Does ChoiceJacking Work?

Researchers Florian Draschbacher and Lukas Maar from TU Graz in Austria discovered that ChoiceJacking uses a clever technique to manipulate the ⁣USB‍ connection process. Here’s a simplified breakdown:

  1. The Setup: An attacker sets up a charging device (like a wall charger) ⁢that looks⁣ legitimate but contains malicious components.
  2. Bluetooth Trickery: The malicious charger establishes a Bluetooth connection to a prepared input device.
  3. hijacking⁢ the Connection: This input device then rapidly initiates a USB data query, essentially “hijacking” your choice to allow or deny the connection. This happens so quickly (0.07 seconds⁤ in testing) that you might not even notice.
  4. Data Access: Once the connection is established, the attacker could potentially ‍access data on your device.

What’s the Difference Between ChoiceJacking and Juice⁤ Jacking?

Juice Jacking is the older, more well-known threat. It involves malicious chargers that directly compromise your device when plugged in. ChoiceJacking is a more refined evolution of this, circumventing some of the security measures put in place to combat Juice Jacking.

What Security Measures Were in Place Before ⁣ChoiceJacking?

In response to the threat of Juice Jacking, Apple and Google implemented several safeguards:

Warning Prompts: ⁢ When you connect to a new USB device, you’re often presented with a warning.

Confirmation Dialogs: These dialogs ask you to confirm whether you ⁢want ⁤to allow data access.

Operating System Patches: Security updates were pushed out to fix vulnerabilities in mobile operating systems.

ChoiceJacking,however,found a way around some of these protections.

Which Devices Are Vulnerable⁤ to choicejacking?

The research from TU Graz found that devices from ‍several major manufacturers were susceptible to this attack, including:

⁣ Samsung

Xiaomi

Huawei

Apple

⁢ google

Is My Phone Protected? What About Android 15 and iOS 18.4?

While ChoiceJacking is a serious threat, developers are actively working to patch vulnerabilities.

Android 15: While the source material notes that not all vulnerabilities have been addressed in Android 15, some fixes may be included in a future version.

iOS 18.4: apple’s iOS 18.4 includes patches that address USB implementation vulnerabilities and implements a new security measure requiring users to unlock their devices with a PIN or biometric authentication to authorize USB data transfer.

What Are the Limitations of ChoiceJacking?

ChoiceJacking isn’t a perfect attack. Here are its limitations:

Screen Unlocked required: The phone screen needs to be unlocked for the attack to work.

BFU State Protection: The attack is ineffective if the device is in a “Before First Unlock” (BFU) state.

However, users often interact with their⁢ phones while charging, making them less ⁢likely to notice the⁢ very brief popup window that allows the attack⁤ to succeed.

How Can I Protect Myself From ChoiceJacking?

Here’s how to protect your device⁢ from ChoiceJacking and similar attacks:

Be Careful Where You charge: ‍ Avoid using public USB charging stations.

Use⁢ Your Own Charger and Cable: Whenever possible,use your own charger and cable,especially in unfamiliar locations.

* USB Data Blockers: Consider using a USB‍ data blocker. This is a small device that physically interrupts the data connection, allowing only power to pass through.

What ⁤is a USB Data Blocker and How Does it Work?

A USB data blocker is a small, inexpensive device that sits ⁣between your charging cable ⁣and your phone. It only⁣ allows⁣ power to pass

Share this:

  • Share on Facebook (Opens in new window) Facebook
  • Share on X (Opens in new window) X

Related

Android, Data leak, iOS, It, malware, security, smartphone, usb, USB Power Delivery

Search:

News Directory 3

News Directory 3 catalogs US newspapers, news services, newsstands and digital news outlets across all 50 states. Browse local publishers by city, state, or topic, and follow current headlines linked back to their original sources.

Quick Links

  • Disclaimer
  • Terms and Conditions
  • About Us
  • Advertising Policy
  • Contact Us
  • Cookie Policy
  • Editorial Guidelines
  • Privacy Policy

Browse by State

  • Alabama
  • Alaska
  • Arizona
  • Arkansas
  • California
  • Colorado

© 2026 News Directory 3. All rights reserved.
For contact, advertising, copyright, issues email: office@newsdirectory3.com