Compliance Management, Privacy, Vulnerability Management

‘Video jacking’ attack allows attacker to see what you see

If docking a phone at unfamiliar charging stations wasn't iffy enough, a “video-jacking” attack by Aries Security researchers highlights yet another attack vector to consider.

Similar to “juice jacking,” the attack can be carried out using roughly $220 worth of equipment hidden inside what appears to be the charging station to essentially see everything a user sees, taps and does with their device including seeing a users password  entered when they unlock their screen, according to an Aug. 11 Krebs On Security blog post.

Some devices may briefly flash something similar to “HDMI Connected” but most will display no warning at all, researchers said in the post. Several Androids, iPhones and other HDMI-ready smartphones manufactured by Asus, BlackBerry, HTC, LG, Samsun and ZTE are susceptible to the attack.

Users are advised to disable screen mirroring if possible but even that might not prevent the attack.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.