
A decade after the original “JuiceJacking” threat prompted mobile operating systems to require user consent for USB data connections, researchers from Graz University of Technology have uncovered a new class of USB-based attacks that bypass these protections. Their study, presented at USENIX, introduces CHOICEJACKING — a powerful, stealthy family of attacks that compromise Android and iOS devices using seemingly harmless chargers.
“We present a novel family of USB-based attacks on mobile devices, CHOICEJACKING, which is the first to bypass existing JuiceJacking mitigations,” the authors write.
CHOICEJACKING attacks exploit a core design flaw in current JuiceJacking countermeasures: the assumption that attackers cannot inject user input to approve data connections. The researchers show that this assumption no longer holds — malicious chargers can simulate user interaction and gain unauthorized access to personal data and even execute code on the device.
These attacks combine characteristics of USB hosts (which initiate data transfers) and peripherals (which simulate input like keyboards or mice), creating a hybrid threat model that evades existing defenses.
The study outlines three attack vectors:
- AOAP Exploit (T1): Leverages flaws in the Android Open Accessory Protocol to inject input events and approve USB data connections autonomously.
- Race Condition Exploit (T2): Abuses a timing issue in Android’s input subsystem to queue input events that accept prompts before the user sees them.
- Bluetooth Bridge (T3): Pairs a Bluetooth input device through USB and uses it to approve access — affecting both Android and iOS.
“In our evaluation, this technique allows gaining file access on all Android devices,” the paper confirms about T1.
The research team tested 11 devices from 8 major vendors — including Samsung, Xiaomi, Huawei, Oppo, Vivo, Honor, Google, and Apple — and found all were vulnerable. Some attacks succeeded even when the screen was locked.
“All but one (including Google, Samsung, Xiaomi, and Apple) acknowledged our attacks and are in the process of integrating mitigations,” the authors reported.
Notably, Xiaomi devices were found to be particularly vulnerable, allowing ADB-level access even on devices without developer mode enabled, which opens the door to persistent compromise.
Some of the attacks are almost unnoticeable. The fastest technique took just 133 milliseconds, less than the duration of a human blink. This brief flicker is often invisible to users distracted during calls, watching videos, or navigating.
To further boost stealth, the team developed a power line side-channel method to detect when the device is unobserved (like during a call) — perfect timing to launch the attack silently.
“We conclude that the CNN allows determining when the user is in a phone call,” the paper states regarding their machine learning-based detection model.
Current protections such as lock-screen-only USB blocking or USB data blockers are no longer sufficient. The researchers advocate user prompts for all USB access types, including peripherals and accessories, so that malicious input cannot be injected without the user's knowledge.
“CHOICEJACKING represents a primitive for obtaining access to users’ private files stored on the mobile device,” the study warns.