Hackers Use Malicious Chargers to Breach Smartphones
Researchers at Graz University of Technology have uncovered a new attack method known as “ChoiceJacking,” which enables malicious charging stations to compromise both Android and iOS devices. The technique bypasses long-standing USB security protections by exploiting flaws in user confirmation mechanisms.
The attack combines elements of USB host and accessory protocols, enabling malicious chargers to simulate user input and accept prompts without user consent. One method exploits Android’s Open Accessory Protocol to inject commands within milliseconds. Others manipulate USB role switching or initiate Bluetooth connections to enable further input.
Tests on devices from eight major vendors, including Samsung, Apple, and Xiaomi, confirmed that sensitive data—such as photos, documents, and app content—could be extracted, even from locked devices in some cases. Public charging stations in places like airports and hotels pose the highest risk.
Google, Samsung, and Apple have released or are developing patches. Experts advise using personal chargers and USB data blockers.
