Exploit via Charging Station or PC

If the mobile device is connected (typically via USB) to a charging station or a PC, for example to charge the device's battery, then a compromised or malicious charging station or PC could attempt to exploit the mobile device via the connection[1].

Previous demonstrations have included:

  • Injecting malicious applications into iOS devices[2].
  • Exploiting a Nexus 6 or 6P device over USB and gaining the ability to perform actions including intercepting phone calls, intercepting network traffic, and obtaining the device physical location[3].
  • Exploiting Android devices such as the Google Pixel 2 over USB[4].

Products from Cellebrite and Grayshift purportedly can use physical access to the data port to unlock the passcode on some iOS devices[5].

ID: T1458
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Initial Access
Platforms: Android, iOS
MTC ID: PHY-1
Version: 1.1
Created: 25 October 2017
Last Modified: 03 February 2019

Procedure Examples

ID Name Description
S0315 DualToy

DualToy side loads malicious or risky apps to both Android and iOS devices via a USB connection.[6]

S0312 WireLurker

WireLurker monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.[7]

Mitigations

ID Mitigation Description
M1012 Enterprise Policy

Enterprise policies should prevent enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development).

M1003 Lock Bootloader
M1001 Security Updates
M1006 Use Recent OS Version

Newer OS versions generally will include security patches against discovered vulnerabilities that become known to the vendor. Additionally, iOS 11.4.1 and higher introduce USB Restricted Mode, which under certain conditions disables data access through the device's charging port (making the port only usable for power), likely preventing this technique from working.[8]

M1011 User Guidance

Users should be advised not to use public charging stations or computers to charge their devices. Instead, users should be issued a charger acquired from a trustworthy source. Users should be advised not to click on device prompts to trust attached computers unless absolutely necessary.

References