A new exploit potentially turning Android phones into USB hacking tools has been revealed, which might make users more wary of plugging smartphones into their computers to sync or recharge. The exploit, developed by Angelos Stavrou and Zhaohui Wang, infects an Android device so that it mounts as a regular HID (human interface device) keyboard and mouse on a PC, Mac or Linux machine.
With that access, the malware author could then retrieve files, download other malware or even take control of the system altogether, depending on the nature of the exploit code. Versions of the exploit have been written for computers and for the Android kernel; an iOS version would also be possible, the researchers claim.
"Say your computer at home is compromised and you compromise your Android phone by connecting them. Then, whenever you connect the smartphone to another laptop or computing device I can take over that computer also, and then compromise other computers off that Android. It's a viral type of compromise using the USB cable" Angelos Stavrou