‘Data leak possible when charging smartphones at public stations’

MANILA, Philippines – Recharging mobile devices at public charging stations could compromise the data in smartphones and put their users at risk.

Global Internet security firm Kaspersky Lab said recent research they conducted on how much was being exchanged during charging through a USB port, showed there was a “litany of data” given by the device to the PC including the device name, manufacturer, type, serial number, firmware information, operating system information, file system/file list, and electronic chip ID.

The amount of data sent during the “handshake” that happens during charging varies depending on the device and host, Kaspersky Lab said, but each smartphone transfers the same basic set of information, like the device name, manufacturer, serial number, among other data.

Kaspersky Lab said the research also showed that by using just a regular PC and a standard micro USB cable, and armed with a set of special commands, the so-called AT commands, showed they were able to re-flash a smartphone and silently install a root application on it.

This would totally compromise the smartphone even though no malware was used.

Although information about actual incidents involving fake charging stations has not been published, the theft of data from mobiles connected to a computer has been observed in the past, the company said.