Police warn shared power banks could transmit malware, but the industry continues to thrive in China
- Power banks of unknown origin could potentially send Trojan horses and other malware to smartphones, police warn
- Shared power bank users could reach 229 million in 2020 as the industry continues to boom and attract investment in China
One of the unique successes in China’s sharing economy has been power bank rentals, but police in China have recently warned that the mobile battery packs keeping users’ smartphones charged up could also spread malware.
The online security department of the Ministry of Public Security warned on its official WeChat account on Sunday that power banks could potentially be used to transmit Trojan horses and other types of malware, especially power banks of unknown origin. Once a smartphone is infected, the malware could steal personal information, including contacts, photos and videos, according to a police video.
For now, the threat may not be big. Although the police did not offer any real-world examples of the trick being used, some experts warn that users should be wary of the potential threat.
“If you have a well-motivated adversary, they will be able to access your phone if they take control of the USB port or the power bank that you are using,” said Riccardo Spolaor, an assistant professor at the Shandong University School of Computer Science and Technology, who has been researching these types of threats.
However, Spolaor said that it is not possible to determine whether this method of attack is prevalent.
To help reduce risk, police recommended that users choose their shared power banks carefully by avoiding them if they do not know where the devices come from. These could include power banks given away as free trials or gifts. Users should also pay attention to whether a power bank issues permission requests to access certain parts of a phone once plugged in.
There are also technological countermeasures users could try, such as software designed to stop data transmission via USB cables, according to Spolaor. But attackers could still exploit unknown vulnerabilities in smartphone operating systems like Android and iOS, he added, allowing them to deliver malicious software using the microcontroller inside a power bank.
Spolaor said that he has not come across any recent cases of malware attacks through power banks. Only a few unconfirmed cases have been reported by local media as shared power banks have spread rapidly through China over the last few years.
The number of people using shared power banks in China is projected to reach 229 million in 2020, according to research from iiMedia. This is despite the spread of Covid-19, which has kept many consumers at home this year and hit some parts of the sharing economy especially hard.
One reason for their popularity is the convenience. Users simply scan a QR code to pay a deposit, and then they can grab a power bank and leave, using it while they shop, travel on public transport or do a number of other activities. The power bank can be returned to any station from the same brand with an empty charging slot.
The industry expects further growth with the adoption of 5G, the superfast mobile network standard that drains smartphone batteries even faster. As the market matures, providers have also been raising rental prices.
For users who find shared power banks too convenient to resist, there are some simple measures they can take to better protect themselves, Spolaor said. Users should first make sure their USB connection settings are set to charging, he said, although this is not a foolproof means of protection. Those willing to go a step further can use so-called “USB condoms”, which are devices designed to prevent data exchange over USB cables.
The best protection, though, is also the least convenient: users should carry a personal power bank and charging cable when they go out.