A recent experience I had while charging my phone leads me to believe that it is possible to hack a phone through a power outlet.
This thought occurred to me while I was attending an Identity Management Conference and had to charge my phone from an ordinary wall outlet. While using my phone I began to notice some strange behavior. Firstly, although I was typing normal letters, special characters were showing up on the screen. Secondly, the keyboard would randomly disappear and the phone would return to the main screen. Finally, I was unable to select certain portions of the screen. I tried shutting the screen off and on, opening other applications, and texting instead of emailing. Nothing seemed to fix the problem…until…I unplugged my phone from the wall outlet.
Perhaps it was because I was at a cybersecurity conference, but the first thought that ran through my mind was that someone had figured out how to hack a phone through a power outlet.
The USB specification defines 4 lines – 5V DC, Data Positive, Data Negative, and ground. I have seen several examples of how malware was loaded onto a phone through a USB port. But these attacks were done through the data lines, which are supposedly isolated from the power lines per the USB specification. What was happening to my phone was purely through the USB power lines.
This led me to believe that it is possible to hack a phone through a power outlet. The basic process, I believe, would consist of the following steps.
The first step involves injecting data over the AC line by superimposing a modulated signal onto the AC sine wave, making it a carrier. This is done in many commercial applications such as the X10 home automation system. Since USB is a differential data pair, a hacker would also need to send the opposite signal on the ground.
The second step involves passing this modulated signal to the DC line during AC/DC power-line conversion. This step takes advantage of the fact that most phone charger units have no, or cheap, built-in high-pass filters which allow the high-frequency signals to pass through.
The third step involves passing this modulated signal to the data lines. While these lines are supposed to be separated, it turns out there is a path between the 5V DC, Data Positive, Data Negative, and ground through a resistor network. While the resistor network would attenuate the noise along the 5V DC line, it would still allow the data to pass to the data lines.
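The filtering question in the second step can be put into numbers. The following is an added example, not part of the original post: it models the supply line as a mains sine with a small high-frequency carrier on top, then measures how much of each survives a filter that blocks high frequencies. The 120 kHz carrier, the amplitudes, the 1 kHz cutoff and the first-order linear filter model are all assumptions of this example; a real charger rectifies and switches rather than filtering linearly.

```python
import math

FS = 1_000_000          # sample rate in Hz (assumed)
N = 50_000              # 50 ms window: whole cycles of both tones below
MAINS_HZ = 60.0         # mains frequency (assumed; 50 Hz in many regions)
CARRIER_HZ = 120_000.0  # X10-style carrier frequency (assumed, not from the page)

def synth_line(mains_amp=170.0, carrier_amp=2.5):
    """Constructed samples: mains sine with a small carrier superimposed."""
    return [mains_amp * math.sin(2 * math.pi * MAINS_HZ * i / FS)
            + carrier_amp * math.sin(2 * math.pi * CARRIER_HZ * i / FS)
            for i in range(N)]

def low_pass(samples, cutoff_hz):
    """Discrete first-order RC low-pass: y += alpha * (x - y)."""
    dt = 1.0 / FS
    rc = 1.0 / (2 * math.pi * cutoff_hz)
    alpha = dt / (rc + dt)
    out, y = [], 0.0
    for x in samples:
        y += alpha * (x - y)
        out.append(y)
    return out

def tone_amplitude(samples, freq_hz):
    """Single-bin DFT: amplitude of the component at freq_hz."""
    re = im = 0.0
    for i, x in enumerate(samples):
        phase = 2 * math.pi * freq_hz * i / FS
        re += x * math.cos(phase)
        im += x * math.sin(phase)
    return 2 * math.hypot(re, im) / len(samples)

def filter_report(cutoff_hz=1_000.0):
    """Carrier and mains amplitude before and after filtering."""
    raw = synth_line()
    filtered = low_pass(raw, cutoff_hz)
    return {
        "carrier_in": tone_amplitude(raw, CARRIER_HZ),
        "carrier_out": tone_amplitude(filtered, CARRIER_HZ),
        "mains_in": tone_amplitude(raw, MAINS_HZ),
        "mains_out": tone_amplitude(filtered, MAINS_HZ),
    }

if __name__ == "__main__":
    for name, volts in filter_report().items():
        print(f"{name}: {volts:.4f}")
```

With these assumed values the carrier drops to under one hundredth of its input amplitude while the mains component is almost unchanged, which is the margin a charger without such filtering gives up.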
While extremely difficult, hacking a phone through a power outlet is technically possible. Perhaps then we should think before plugging our phones into strange wall outlets.
Eric Sharret is Vice President of Business Development at TELEGRID. TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).
Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc. The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.