Riccardo Spolaor, a researcher at the University of Oxford, has released information on a new category of cyber vulnerabilities. It turns out that hacking gadgets does not require a network connection - they can be attacked while charging, even if there is a data blocker. The discovery was made last year, and now scientists have presented a prototype of a compact device for carrying out such an attack.
In 2017, an international college of researchers led by Spolaor developed a technology for extracting information from electrical signals that pass through smartphone modules. They designed their own decoder based on typical tools for reading memory cards and wrote algorithms that filter electrical impulses, process the necessary ones and extract information from them about what is stored in the gadget's memory. Specifically passwords or contact lists.
This year, the bulky laboratory equipment, thanks to the efforts of Spolaor's team, turned into a compact board called "PowerSnitch". It can be integrated into a powerbank as a ready-made solution; in addition to a decoder, there is a memory card and a WI-Fi module on board for transmitting data to a remote receiver. All that remains is to connect the attacked smartphone to the powerbank and the process will start automatically.
The data exfiltration speed is only 2 bits per second, and PowerSnitch uses excess current to operate, so it does not affect the smartphone charging process and remains unnoticed. Antiviruses and other software and hardware security tools are powerless here, but the protection method is very simple - you need to completely turn off the gadget while charging. PowerSnitch has been successfully tested with Android devices and Spolaor is now doing a similar iPhone jailbreak.