Imagine this scenario:
The hackers secretly connected your computer with a mobile phone. It took only half a minute to look like nothing happened.
However, since then, the victim’s computer will infect every cell phone that connects to it.
If these phones are connected to other computers, they will turn other computers into sources of infection and initiate new attacks.
Until infinity. . .
This is a terrible scene. Fortunately, it does not happen in real life.
Based on past experience, malicious programs can only spread between mobile phones or between PCs. However, as a security guard, it is certainly more like a "stupid man." The head of 360 Ice Blade Labs, the famous white-hat hackers, Pan Jianfeng, who was called “Pan Shenâ€, proposed the idea of ​​cross-infection between mobile phones and computers earlier this year.
The two security researchers in the laboratory, Qin Jiajie and Guo Yonggang, realized this imaginary attack. At today's ISC (China Internet Security Conference) Hackpwn crack contest, the two big cattle have shown the world the risk of this "hybrid attack" through an attack demonstration.
[Qin Jiajie (left) and Guo Yonggang (right) at the Hackpwn site]
At the scene, two hackers demonstrated two Android phones and two Windows PCs. One of the phones was built with an attack program in advance, and the rest of the devices were all "clean."
Qin Jiajie and Guo Yonggang used an attack cell phone to connect the computer. It took about half a minute and the computer was infected.
Then two researchers connected the computer with a new cell phone. After a few tens of seconds, the cell phone automatically restarted;
After that, the new computer was connected with this phone and the computer was infected.
In just five minutes, the attack has completed two "reincarnations."
[Two security researchers at the scene: Mobile phone x PC cross infection]
Qin Jiajie and Guo Yonggang told Lei Fengwang (search for "Lei Feng Net" public number concerned) that in the live demonstration, in order to allow the audience to feel the background operation more clearly, the device's behavior was prompted. In real hacking attacks, all attacks can be set to silence.
If the mobile phone is maliciously attacked by this technology, the "victim" will only see the restart of their mobile phone, but they do not know that their mobile phone core has been replaced and become a new source of infection.
they said.
At the BlackHat Hacking Conference of the United States in the previous two years, foreign hackers have used U-disks that modify hardware to display infections on computers. The Iceblade Lab study revealed that such attacks can actually reach deeper and wider. they said:
Such attacks can span PCs and mobile phones, and theoretically can infect all versions of Android phones. Of course, because our goal is only to show the possibility, not really to attack, we did not do multi-model adaptation work.
The two researchers told Lei Feng Network that while mastering the two technologies of “mobile phone attacking PC†and “PC attacking mobile phoneâ€, there are still technical difficulties. This is also the reason why hackers have not found a way to do bad things.
However, they also stated that this kind of attack has been proved to be feasible by themselves, so it is theoretically possible for hackers to develop similar technologies to launch attacks.
If the phone is really infected with a malicious hack, then "your phone will become his phone." The other party can even remotely view any information on your phone, install any app.
Although the corresponding protective products are already under development, the two security researchers remind ordinary people to pay attention to the good habits of using mobile phones. That is:
Try not to use your phone to connect to a strange computer or any USB device.