The Kremlin, host to the G-20 summit this past September, gave out “freebees” to the guests consisting of USB Memory Sticks and phone and tablet chargers.
A suspicious attendee asked the German Security Services (BND) to check the devices. The BND experts found that both the memory stick and the hand-out phone charger contained a trojan horse that linked information on the devices back to the Russians, presumably the Russian secret services.
A modern USB port has four wires –two of them are for charging and two others are for data exchange. Since the trojans were hidden in the memory chip of the charger and the USB stick, it was a simple matter to move these hidden files, which are trojan horses, into the mobile phone, laptop or tablet of the users.
This is a trick that was already done by the Chinese which deeply affected U.S. forces in Iraq and Afghanistan. The Chinese uses the flood it and watch approach, not too different to what NSA has been doing scooping up millions of phone logs. Essentially the Chinese put the bugs in every USB flash memory stick it manufactured (which is virtually all of them) so everyone would be infected. Then using supercomputers, generously provided by the United States, the Chinese had the luxury of search files and information on millions of mobile devices, laptops and desktops seeking out specific persons or critical information.
The same thing happened in Korea where Army personnel charged their mobile devices on sensitive networked computers. The trojans, that got onto their mobile devices in various ways, instantly migrated onto classified computers and the data became available to the intruders, presumably the Chinese.
There are a lot of malicious phone chargers around, as reported recently by Forbes.
So what can you do?
Here are some rules to follow:
1. Never charge your phone on your PC or on anyone else’s PC (including laptops and tablets with USB ports). Either you could inadvertently put malware on your PC (and onto the network that it may be connected to as well), but it also can result in malware being transferred to your mobile device.
2. Use only the charger provided to you by the product manufacturer.
3. Keep the charger with you –don’t leave it sitting around. It is easy for a malefactor to switch it out with a bugged device. You will never know. This can happen easily in a foreign hotel.
4. Consider buying a charging cable that does NOT have data lines in it. These are far safer. Keep it safe and away from others. Another alternative: by a security adapter for your USB connection. Here is one adapter available at a reasonable price.
5. All memory sticks are risky and suspect. Consider investing in a U.S. made secure memory stick. Keep it on your person.
6. Never charge your phone, tablet or laptop at a public place such as an airport or a train station or at a free charging station unless you have put in place a locking device in your connecting cable.