this post was submitted on 11 Sep 2025
17 points (100.0% liked)

Technology

593 readers
1636 users here now

Share interesting Technology news and links.

Rules:

  1. No paywalled sites at all.
  2. News articles has to be recent, not older than 2 weeks (14 days).
  3. No external video links, only native(.mp4,...etc) links under 5 mins.
  4. Post only direct links.

To encourage more original sources and keep this space commercial free as much as I could, the following websites are Blacklisted:

More sites will be added to the blacklist as needed.

Encouraged:

Misc:

Relevant Communities:

founded 4 months ago
MODERATORS
Pro@programming.dev
17
Modern Smartphones Vulnerable to Silent ‘ChoiceJacking’ USB Attacks (cyberinsider.com)
submitted 5 days ago by Pro@programming.dev to c/Technology@programming.dev
8 comments fedilink hide all child comments
top 8 comments
sorted by: hot top controversial new old
[–] unexposedhazard@discuss.tchncs.de 5 points 5 days ago* (last edited 5 days ago) (1 children)

Mobile OSes currently require user interaction to approve USB host connections (like file transfers or debugging), but they trust input devices and accessories by default. ChoiceJacking exploits this gap by emulating input devices to automate the approval process.

Luckily it is easy to mitigate this attack in case you are a high risk user. Just disable connection of all USB gadgets in your system settings. ("Deny new USB gadgets" in the screenshot)

For ease of use, most phones come with the weakest setting as a default that allows all new USB gadgets (keyboards, mice, audio adapters, etc) even if the device is locked.

I have it set to the medium setting (seen below), where as long as you dont plug it into an adversaries device while the phone is unlocked you are safe. With this setting you will have to only ever use your own charging devices that you know can be trusted. You should generally never connect your phone to any USB ports that you dont own. This should be common knowledge, but sadly it isnt. The only "downside" to this is that you have to unlock your phone before plugging in stuff like a USB to 3.5mm audio adapter.

This option can be found under Settings > Security & Privacy > More security & privacy > Restrict USB

[–] boatswain 3 points 5 days ago (1 children)

What Android version is that screenshot from? I don't see that option on Android 16.

[–] unexposedhazard@discuss.tchncs.de 1 points 5 days ago (1 children)

Android 15
Did they seriously remove that on 16? Did you search for any similar terms in the settings? Maybe its a developer option now. Google always does the dumbest shit man.

[–] boatswain 1 points 5 days ago (1 children)

Yeah, searched around in the settings and in developer options for a bit and didn't see anything that looked like it.

[–] unexposedhazard@discuss.tchncs.de 1 points 5 days ago* (last edited 5 days ago) (1 children)

How does it behave for you then? Does it accept new devices while locked?

Looks like there is a new system: https://www.youtube.com/watch?v=w-cgDR4ORvY

If you cant fully disable all usb devices then thats a problem tho, because it would only protect you if the device is locked.

They also seem to be bundling this new Advanced Protection Mode with bad features like the disabling of non google app sources and AI call transcription to do "scam detection"

https://techwiser.com/android-16-is-coming-6-new-security-features-to-keep-you-safe/

[–] boatswain 2 points 5 days ago

Don't have a USB device to plug into it at the moment; I'm traveling. I'll check when I get home in a week and change though

[–] MrSoup@lemmy.zip 3 points 5 days ago (1 children)

GrapheneOS prevents this.

[–] refalo@programming.dev 1 points 5 days ago* (last edited 5 days ago)

data-only USB cables work with all smartphones