Krebs on Security writes:
Dubbed “video jacking” by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station. As soon as you connect a vulnerable phone to the appropriate USB charging cord, the spy machine splits the phone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in — including PINs, passwords, account numbers, emails, texts, pictures and videos.
We know about the risks of having your devices hacked by malicious chargers, and of juice jacking where you plug your phone in for a quick power boost at a kiosk at a shopping centre, hotel lobby or airport, only to have your data snarfled.
But video jacking seems like yet another novel way to grab information from HDMI-ready smartphones.
Is there a widespread risk of this happening? Almost certainly not. But it’s still wise for smartphone users to take care over where they plug in their devices. Consider bringing your own USB charger on trips, and use that to plug into an power socket when your phone’s battery life is running low.
And manufacturers clearly could do more to display an obvious notification to users when HDMI output is enabled, warning of potential dangers.
Is it not the case for iphones that you will be asked if you trust the connection before any data is accessed by the USB cable? And does the default configuration not allow access to the screen (video) output?
Another reason to love wireless charging on phones.