PowerBank to Kill


Post Posted: Sat May 12, 2018 3:39 am

One of our officers had an incident in his family. His son got a powerbank from a school friend (later we found out it was his father). The boy used the accessory normally. Once his father (our officer) took the powerbank in need of juice and connected it to charge.

Here it comes: PowerBank to Kill

We later found that the device (Android 7.0) got infected by the powerbank, which had a modified and extended battery controller with a directly on-soldered microSD with malware onboard. The banking trojan tried to phone-home over the mobile's internet connection to P.R.C.

Don't plug in every powerbank.

Last edited by RolfGutmann on Sat May 12, 2018 10:04 am; edited 1 time in total

RolfGutmann
Senior Member
 
 
  

Re: PowerBank to Kill

Post Posted: Sat May 12, 2018 5:33 am

There are isolating USB adapters that only allow +5v and ground specially made for this purpose.  

MDCR
Senior Member
 
 
  

Re: PowerBank to Kill

Post Posted: Sat May 12, 2018 7:15 am

- RolfGutmann
One of our officers had an incident in his family. His son became a powerbank of a school friend (later we found out it was his father). The boy used the accessory normally. Once his father (our officer) took the powerbank in need of juice and connected it to charge.

Here it comes: PowerBank to Kill

We later found that the device (Android 7.0) got infected by the powerbank, which had a modified and extended battery controller with a directly on-soldered microSD with malware onboard. The banking trojan tried to phone-home over the mobile's internet connection to P.R.C.

Don't plug in every powerbank.


... became a powerbank? Shocked

Soldering the microSD on the poor kid must have been the difficult (and I have to presume very painful) part... Rolling Eyes

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: PowerBank to Kill

Post Posted: Sat May 12, 2018 7:31 am

- RolfGutmann
We later found that the device (Android 7.0) got infected by the powerbank, which had a modified and extended battery controller with a directly on-soldered microSD with malware onboard.


What mechanism allows the malicious code on that kind of device to execute? Is there some kind of 'autoexec' mechanism that Android uses? Or does it rely on the curious user starting the hostile code manually in some way? (Added: I was thinking along the line of an external disk for this scenario)

'Extended battery controller'... extended how? Enough for it to act as a host computer?  

Last edited by athulin on Sat May 12, 2018 8:16 am; edited 1 time in total

athulin
Senior Member
 
 
  

Re: PowerBank to Kill

Post Posted: Sat May 12, 2018 8:03 am

- jaclaz
... became a powerbank? Shocked


Lost in translation: 'Er bekommte ein Powerbank' ... or something on those lines.  

athulin
Senior Member
 
 
  

Re: PowerBank to Kill

Post Posted: Sat May 12, 2018 8:22 am

- athulin
- jaclaz
... became a powerbank? Shocked


Lost in translation: 'Er bekommte ein Powerbank' ... or something on those lines.


Sure Smile , I know, but when you title something "Powerbank to Kill" with the evident intent to catch people's attention (should have been "Powerbank to Steal Data" or "Powerbank with banking trojan", from the title I expected that somehow the device contained supercapacitors or *whatever* capable of generating peaks of voltage/current that could "kill" a device or a human) you also need to double check that what you write makes sense (translation or not).

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: PowerBank to Kill

Post Posted: Sat May 12, 2018 8:34 am

- jaclaz
... I expected that somehow the device contained supercapacitors or *whatever* capable of generating peaks of voltage/current that could "kill" a device or a human)


Freudian slip of the tongue, probably. The malware vector was probably terminated ... permanently.

athulin
Senior Member
 
 
