Mobile computing devices such as smartphones and tablet computers are becoming more widely used every day. Not only are these devices popular for communication (e.g., phone, email, texting, chat), but they are also commonly used to create content (e.g., pictures and videos), play games, access social networks, as well as to play music and watch videos. A large selection of applications (“apps”) that run on mobile computing devices are available for download.
Unfortunately, as mobile computing devices become more widely used, malicious code targeting these devices is also becoming more common. People frequently execute credit card and banking transactions from their mobile computing devices, which can be a target of malicious attacks. People also store a lot sensitive data on their smartphones, such as their contacts, calendars, personal photographs, emails, text messages, etc. Having such data stolen by malware is a serious concern.
Although powerful in their own right, it is common to connect smartphones to other devices, for example to charge the battery, to look at pictures or watch video stored on the device on a larger screen, to play stored music through a better sound system, or to synchronize data on the device with the user's primary computer. Connecting a smartphone or the like to another device creates a risk of infection by malicious code or theft of data. The potential infection vector can be in either direction, i.e., from the external device to the mobile device or vice versa.
Users typically at least recognize that the desktops to which they connect mobile devices to synchronize data are computers. Users are generally less mindful of connecting their devices to music systems and chargers. For example, modern cars often come with in-dash systems with a fair amount of computing functionality, such as the ability to stream videos and television (though only legally if rear mounted), act as a closed caption TV with a backup camera installed, perform navigation functions, take voice commands from the driver, etc. It is standard for such systems to include Universal Serial Bus (USB) and Bluetooth connections for phones, music players, and the like. It is also common to plug mobile computing devices into chargers, including charging stations in public places such as airports. A wide selection of stereo systems, alarm clocks, docking stations, chargers and other devices are manufactured and marketed specifically to be connected to mobile computing devices. Whether users realize it or not, these devices could infect their mobile computing devices with malicious code or steal their personal data. For example, at DefCon 2011, a charging station was demonstrated that could download personal data from phones connected through the USB port for recharging. There is also a risk that a mobile device that is already infected with malicious code could then infect the device to which the user connects it, which can also be a concern for the user (e.g., the user's desktop computer, the car's onboard computer, etc.).
It would be desirable to address this issue.