No Free Charge Theorem: a Covert Channel via USB Charging Cable on Mobile Devices

摘要

More and more people are regularly using mobile and battery-powered handsets,such as smartphones and tablets. At the same time, thanks to the technologicalinnovation and to the high user demands, those devices are integratingextensive functionalities and developers are writing battery-draining apps,which results in a surge of energy consumption of these devices. This scenarioleads many people to often look for opportunities to charge their devices atpublic charging stations: the presence of such stations is already prominentaround public areas such as hotels, shopping malls, airports, gyms and museums,and is expected to significantly grow in the future. While most of the time thepower comes for free, there is no guarantee that the charging station is notmaliciously controlled by an adversary, with the intention to exfiltrate datafrom the devices that are connected to it. In this paper, we illustrate for the first time how an adversary couldleverage a maliciously controlled charging station to exfiltrate data from thesmartphone via a USB charging cable (i.e., without using the data transferfunctionality), controlling a simple app running on the device, and withoutrequiring any permission to be granted by the user to send data out of thedevice. We show the feasibility of the proposed attack through a prototypeimplementation in Android, which is able to send out potentially sensitiveinformation, such as IMEI, contacts' phone number, and pictures.