Choicejacking bypasses smartphone charging security

Issue 3 2025 News & Events, Information Security

Smartphone users have yet another reason to avoid public phone chargers. Although smartphone and tablet manufacturers have introduced measures to protect users from juice jacking (an attack in which malicious chargers compromise connected mobile devices), cybercriminals have found ways to bypass these safeguards.

The recently emerged method is Choicejacking, a new threat where a malicious device disguised as a charging station manipulates various functions of the device to confirm, without the victim’s input or consent, that that the victim wants to connect in data-transfer mode, which means giving the disguised charging station access to what is on their phone, like photos, documents, and contacts.

“Choicejacking is particularly dangerous because it manipulates a device into making decisions users never intended, without them realising it,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN. “Whether it is granting access to data and/or downloading malware, these attacks exploit the trust we place in everyday interactions with our smartphones.”

The risk of juicejacking first arose back in 2011 and since then, OS developers implemented a mitigation, when a smartphone is connected to a device supporting Media Transfer Protocol (MTP) or Picture Transfer Protocol (PTP) — that is a hacker’s computer disguised as a charging port — it asks the user whether to allow data transfer or if they just want to charge the device. However, researchers from Graz University of Technology in Austria have discovered a way to bypass it.

Malicious charging stations can exploit smartphones by impersonating USB or Bluetooth input devices to stealthily trigger data transfer or debug modes. These techniques range from keystroke injection and input buffer overflows to protocol abuse, affecting both Android and iOS (in some cases). The attack can be completed in as little as 133 milliseconds, which is faster than a human blink, making it virtually undetectable.

“Choicejacking represents a dangerous evolution in public charging threats. With a single deceptive prompt, attackers can trick people into enabling data transfer, potentially exposing personal files and other sensitive data,” says Warmenhoven. “Public USB ports should never be treated as safe, and awareness is the first line of defence.”

Tips to avoid Choicejacking

1. Keep smartphone software up to date with the latest security patches.

2. Avoid letting your phone dip below 10% regularly to reduce emergency charging needs.

3. Use a portable power bank, the safest and most convenient option.

4. If available, use a wall socket with your own USB adapter and cable. Avoid using USB ports on public charging stations, such as those found in hotels or airports.

5. Enable ‘Charge only’ mode (available on some Android devices), which adds an extra layer of control.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SABRIC appoints Andre Wentzel as interim CEO
News & Events Financial (Industry) Associations
The South African Banking Risk Information Centre (SABRIC) has announced the appointment of Andre Wentzel as interim chief executive officer, effective immediately.

Read more...
Paxton cuts emissions by over a third
Paxton News & Events
Paxton has announced a significant reduction in its carbon footprint, cutting emissions by 961 tonnes of CO2e in its 2023 second reporting year.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Cybersecurity and insurance partnership for sub-Saharan Africa
Sophos News & Events Information Security Security Services & Risk Management
Sophos and Phishield Announce first-of-its-kind cybersecurity and insurance partnership for sub-Saharan Africa. The SMARTpod podcast, discussing the deal and the state of ransomware in South Africa and globally, is now also available.

Read more...
Nice unveils MyNice Smartgo
News & Events Access Control & Identity Management
Nice SA has announced the release of MyNice Smartgo, a compact access automation solution, designed specifically for the South African market, combining an easy-to-install device with a user-friendly smartphone application.friendly smartphone application.

Read more...
Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Corporate and academic teams can register for Kaspersky contest
Kaspersky News & Events Information Security
Kaspersky has announced the registration opening for its new Kaspersky{CTF} (Capture the Flag) competition, inviting academic and corporate teams from around the globe to compete in a battle of skill, strategy and innovation.

Read more...
SA businesses embrace GenAI, but strategy and skills lag
News & Events AI & Data Analytics
South African enterprises are rapidly integrating Generative AI (GenAI) into their operations, but most are doing so without formal strategies, dedicated leadership, or the infrastructure required to maximise value and minimise risk.

Read more...
Continuous security optimisation.
News & Events Information Security
Cymulate has announced its partnership with SentinelOne, a threat exposure validation and AI-powered cybersecurity platform. The collaboration delivers self-healing endpoint security that empowers businesses to increase protection for every endpoint on their network.

Read more...
Protect your smart home devices
Kaspersky IoT & Automation Information Security Smart Home Automation
Voice assistants, kitchen robots, smart lights and many other intelligent devices have become part of our everyday life. However, with the rise of smart technology comes the need for robust protection against potential vulnerabilities.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.