If you plug your smartphone into a TV screen through a UBS connection, you can play a video from your phone on the monitor, although this also makes you susceptible to a little-known security risk called “video jacking,” according to Krebs on Security.
“Dubbed ‘video jacking’ by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station,” according to Krebs. “As soon as you connect a vulnerable phone to the appropriate USB charging cord, the spy machine splits the phone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in — including PINs, passwords, account numbers, emails, texts, pictures and videos.”
According to Krebs, Brian Markus, cofounder and chief technology officer for Aries Security, and fellow researchers Joseph Mlodzianowski and Robert Rowley invented video jacking in 2011 at the DEF CON security conference in Las Vegas as they were “brainstorming” ways to expand on their “juice jacking” experiment.
“’Juice jacking’ refers to the ability to hijack … stored data when the user unwittingly plugs his phone into a custom USB charging station filled with computers that are ready to suck down and record said data (both Android and iOS phones now ask users whether they trust the computer before allowing data transfers),” according to Krebs.
But video jacking takes things a step even further than that because it records “every key and finger stroke” a user makes on a smartphone as it is being video jacked, so everything from your Social Security number to your bank account password to the security code you use to unlock the phone could be vulnerable if it is plugged into a video jacking device.
Even passwords that automatically encrypt as you enter them are under threat, according to Krebs, because “those numbers or keys will be raised briefly on the victim’s screen with each key press.”
Video jacking has so far only been tested against Android smartphones and not any of Apple’s iPhone models.