Watch Your Phone: Novel USB-Based File Access Attacks Against Mobile Devices
Black Hat Asia 2025 · Day 2 · Briefings
In an era where mobile devices are indispensable repositories of sensitive personal data—from photographs and messages to login credentials—the security of these devices is paramount. This presentation by Floren Rasha and Lucas Ma unveils a series of novel USB-based attacks that challenge long-held assumptions about mobile device security on both iOS and Android platforms. The researchers demonstrate how attackers can bypass critical user confirmation prompts and even access data on locked devices, leveraging the ubiquitous USB interface.
AI review
Rasha and Ma delivered a crushing blow to mobile security assumptions, demonstrating multiple novel USB-based attacks that bypass user consent and even extract data from locked iOS and Android devices. This isn't your grandad's 'juice jacking'; it's 'choice jacking' and full data exfiltration on devices users thought were secure. The work is technically deep, impactful, and clearly the result of genuine, difficult research. It forces a fundamental re-evaluation of USB trust models and reminds everyone that physical access and subtle protocol flaws remain critical vectors.