why you have to watch the security of HDMI much more than with that of USB

  • 38

We have to be careful where we connect our mobiles. If it is already easy for them to access our device through the internet, facilitating physical access is even worse. For years, experts have warned of the risks of using public USBs to charge the mobile. It is the one known as juice jacking. Today we come to talk about a even more dangerous variant: video jacking.

While USB allows you to pass data, the HDMI connection allows you to duplicate an image. Through this function, attackers can practically record the screen of our phone and see everything that is typed or touched on it, be it passwords, account numbers, photos, private texts or emails. If with the USB port it is possible to install malware, with the HDMI connection the risks are even greater.

Juice jacking: why you should be very careful when recharging your mobile in public USB ports and how to avoid problems

How does videojacking work?

In 2011, security expert Brian Krebs showed how malware could be installed via USB port. In 2016, the same analyst showed the dangers of video jacking, a attack via HDMI access. The description of this type of attack is simple. Let’s say a user connects his mobile to a fake USB charging station. The public cables that apparently are there to charge the mobile, have actually been manipulated.

The novelty with HDMI is that instead of opting for data transfer, the ability to mirror the screen is used. With this, the attacker can see all the keys that are pressed, including the unlock PIN. Everything that appears on the mobile screen can be seen by the attacker.

This is a type of attack that affects most mobiles. They do not need to have an HDMI port, since today most smartphones support HDMI connection via USB-C port.

When a user connects a USB-C cable to a mobile it can be simply to charge it, but it can also be to send data or even to send video. If this video is sent without the user’s knowledge, we may be facing a case of video jacking.

These attacks can occur in airports or shopping malls, where there are usually public charging stations. A priori they should be safe, but through the HDMI connection it is possible to spy on the connected device.

Avoiding the attack is easy, but you have to be vigilant

A group of researchers at Florida International University have developed a system called ‘HDMI-watch’, where they analyze the use of the HDMI connection through algorithms and are capable of detecting strange uses. If detected, a message is sent to the user to alert him. Not everyone has access to this system, but it is not necessary if we are attentive.

USB-C is the worst standard ever because it's anything but standard

Most mobile phones have this function activated by default, but more and more mobiles send a notification in case the HDMI connection is being used. If we are going to charge the mobile in a public place, the easiest way to check that everything is in order is to see if a message appears. If it only says that it is charging, a priori everything is fine. If we charge the phone and an HDMI access notification appears, then we should be wary.

In Xataka | USB security key: what is it and how to make your own

We have to be careful where we connect our mobiles. If it is already easy for them to access our…

We have to be careful where we connect our mobiles. If it is already easy for them to access our…

Leave a Reply

Your email address will not be published.