Choicejacking Attack: New USB Threat Bypasses Security Prompts to Steal Data via Public Chargers

A new USB-based attack called Choicejacking has emerged, targeting both Android and iOS devices through public charging stations. This attack bypasses security prompts in milliseconds, tricking devices into sharing data without user consent. While specific technical details are not disclosed, the attack's ability to circumvent security measures on both major mobile platforms suggests a potential vulnerability in the USB protocol or its implementation. Public charging stations are common in high-traffic areas like airports and malls, making this attack particularly insidious for unsuspecting users. The implications for cybersecurity are significant, as this attack could lead to widespread data theft, including sensitive information such as contacts, messages, and photos. For cybersecurity professionals, this underscores the need for heightened awareness and updated security policies. Users should avoid public charging stations or use USB condoms to block data transfer. Organizations should educate employees about the risks and consider revising BYOD policies to include explicit warnings about public USB ports. Device manufacturers must investigate and patch potential vulnerabilities in their USB handling mechanisms. Without more technical details, the exact nature of the vulnerability remains unclear, but the threat is real and warrants immediate attention. The broader cybersecurity landscape may see an increase in USB-based attacks, necessitating proactive measures to mitigate risks associated with public charging infrastructure.