11 Aug 2016
Screen mirroring is a pretty underused feature on most smartphones. Essentially, it allows someone to cast a duplicate video from their phone’s screen to a larger screen like a television. Unfortunately, as it turns out, it’s also a pretty easy way to steal personal information and could potentially be set up in any public place, like an airport, where people need to get a quick phone charge.
The technique is being called video jacking, and it can be carried out by hackers using a phony USB charging station. Once a victim plugs in, everything they do is recorded, including passwords, account numbers, text, emails, pictures, etc.
Similar to juice jacking where malicious charging stations steal user data, video jacking is easier to pull off and allows hackers a video replay of every touch of the screen and keystroke. Even if the device is protected with a passcode, as long as it’s plugged in, when the device is unlocked, the passcode will be recorded.
Unfortunately, it’s virtually impossible to tell a USB cord that only charges from one that has video capabilities. Additionally, phones don’t typically prompt users when video is being cast. The researchers behind this new technique only tested Android phones, but any HDMI ready phone, including iPhones, are potentially susceptible.
In most phones, HDMI access is turned on by default, so if you plug into a bad charging station, the phone connects automatically. If you are concerned about video jacking, you can check your phone’s settings to see if you can turn the feature off. However, the best way to avoid being a victim is to not use untrusted charging stations and carry your own charging cord when you travel.