Low battery. No outlet. That public USB port looks like a lifeline—but it could be a hacker’s keyboard in disguise. Enter choicejacking—a next-generation cyberattack that hijacks our phone without permission. No taps. No clues. Just stolen access. If we care about our data, we must not plug in until we know what that charger is really doing.
Ever used a public charging station at an airport, coffee shop, or hotel? We have all been there—low battery, no outlet in sight, and that USB port seems like a lifeline. But what if that innocent-looking charger could hijack our phone—in less time than it takes to blink?
Welcome to the world of choicejacking—a stealthy, next-generation cyberattack that has security researchers sounding alarms. Unlike old-school juice jacking that required us to click something or fall for a fake app, choicejacking needs nothing from us at all. That is what makes it so dangerous. Let us unpack what it is, how it works, and why—if we care about our data—we should never trust a public USB port again.
What exactly is choicejacking?
Let us start with a scenario. We plug our phone into a free USB port to charge. Normally, a prompt appears: “Allow this device to access your data?” We tap No and remain safe. With choicejacking, that prompt flashes for a microsecond—and the charger has already tapped Yes. Silent access in under 133 milliseconds—faster than our eyes can blink.
Choicejacking is the latest evolution in USB-based cyberattacks, discovered by a team of researchers from Graz University of Technology in Austria. Unlike earlier attacks that required malware or questionable apps, this one spoofs our own inputs—sending fake touch or keyboard commands to trick our phone into thinking we gave permission. The charger pretends to be us. This new kind of cyberattack exploits human interface device (HID) emulation—the same USB protocols we use daily to test hardware or connect peripherals are being turned against us.
How the attack works
When we plug into a malicious charger, we are not just drawing power. That charger can double up as:
- A USB host
- A spoofed keyboard or touchscreen (HID)
- A seemingly harmless power source
This setup allows attackers to inject touch inputs, launch ADB modes, or even access files—all without our ever being aware of it. In a proof-of-concept, researchers used a Raspberry Pi, a custom PCB, and basic firmware modifications to build one such charger. It compromised 11 different phones—from Samsung to Apple—often in under two seconds. On iPhones, the attack took approximately 23 seconds if the phone was unlocked. On Android, attackers could get in even if the screen was off.
The three main attack methods are:
T1: USB HID input spoofing
The charger mimics a legitimate HID (such as a keyboard) and ‘taps’ prompts invisibly. Our phone thinks we approved something we did not.
T2: Timing attacks
Inputs are injected faster than our eyes can register. The fake approval happens before we can even see the prompt.
T3: Bluetooth HID fallback
If access fails via USB, attackers may switch to Bluetooth, hijacking paired accessories—such as headsets—to inject commands wirelessly.
Table 1: Engineer’s checklist

| Area | Suggested Action |
| --- | --- |
| USB stack | Add HID source validation |
| Firmware | Disable HID until trust is verified |
| UI design | Add time delays and biometric confirmations |
| Hardware | Use USB filters/firewalls with policy enforcement |
| Product defaults | Data off by default; user must opt in |
Why should this scare YOU?
This is not science fiction. It is real, tested, and terrifyingly simple. Current USB security assumes the user is in control. Choicejacking breaks that assumption completely. More worryingly, antivirus tools are unable to detect it. These commands happen below the software layer—our phone treats them as normal hardware input.
If you’re an engineer, read this twice
If we design phones, infotainment systems, USB accessories, or embedded panels, fundamental changes are needed. To defend against attacks like choicejacking:
- Do not trust HID inputs by default. It is no longer enough to verify what a device is saying; we must verify who is saying it. This means implementing identity checks or secure pairing for connected peripherals.
- Redesign permission prompts to withstand spoofing. Simple pop-ups won’t suffice; use biometric confirmation or secure touchscreen zones that are protected from fake taps.
- Never execute high-risk actions, like file access or enabling developer modes, instantly. Introducing even a brief delay can help block timing-based attacks that exploit microsecond windows.
- Block all USB data access during boot-up; until a device is fully unlocked, it should accept power only, not data, preventing rogue inputs from executing before the system is ready.
And if you are working on silicon-level defences, now is the time for a zero-trust USB model: no access without verified cryptographic identity.
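One way to express the prompt-hardening guidance above as a decision function, given here as an added example that is not code from the researchers or from any phone vendor. The event model, the names and the 1000 ms dwell value are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_DWELL_MS = 1000  # assumed value; the article only asks for "a brief delay"

@dataclass(frozen=True)
class InputSource:
    name: str
    built_in: bool                 # the device's own touchscreen or buttons
    attached_at_ms: int            # when the source enumerated (0 if built in)
    paired_verified: bool = False  # passed an identity / secure-pairing check

@dataclass(frozen=True)
class ApprovalEvent:
    source: InputSource
    at_ms: int

def evaluate_approval(event, prompt_shown_ms, usb_attached_ms, device_unlocked):
    """Return (accepted, reason) for an 'Allow' input on a USB data prompt."""
    src = event.source
    if not device_unlocked:
        return False, "device locked: power only, no data"
    if event.at_ms - prompt_shown_ms < MIN_DWELL_MS:
        return False, "approval arrived before minimum dwell time"
    if not src.built_in:
        # An input device that enumerated together with the cable is suspect.
        if src.attached_at_ms >= usb_attached_ms:
            return False, "input source appeared with the USB connection"
        if not src.paired_verified:
            return False, "external HID without verified identity"
    return True, "accepted"

# Constructed sample sources and timeline (not captured data):
# cable attached at 5000 ms, prompt drawn at 5200 ms.
TOUCH = InputSource("built-in touchscreen", True, 0)
CHARGER_HID = InputSource("HID on charger port", False, 5000)
BT_KEYBOARD = InputSource("previously paired Bluetooth keyboard", False, 100)

def run_samples():
    cases = [(CHARGER_HID, 5300, True), (CHARGER_HID, 7000, True),
             (BT_KEYBOARD, 7000, True), (TOUCH, 7000, True),
             (TOUCH, 7000, False)]
    return [(s.name, evaluate_approval(ApprovalEvent(s, t), 5200, 5000, u))
            for s, t, u in cases]

if __name__ == "__main__":
    for name, (ok, reason) in run_samples():
        print(f"{name:40s} {'ALLOW' if ok else 'DENY '} {reason}")
```

Only the built-in touchscreen on an unlocked device, after the dwell time has passed, gets an approval through; each rejected case maps to one of the checklist items.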
Table 2: Key takeaways

| What | How it works | What to do |
| --- | --- | --- |
| Choicejacking | Spoofs inputs to bypass USB prompts | Avoid public ports |
| Attack time | Under 133ms | Use data blockers |
| Affects | Android and iOS devices | Update your OS |
| Real threat? | Not yet in the wild, but proven | Be proactive |
For users: Smart habits, not just smart devices
Until hardware catches up, we can protect ourselves by following simple habits:
- Never use public USB ports—they are untrusted computers
- Carry our own charger or power bank
- Use a USB data blocker (a device that blocks data pins and allows power only)
- Select ‘Charge Only’ every time we plug in, especially on Android
- Enable lockdown mode on iOS or Android
- Keep our OS updated
Where the industry stands (and falls short)
Choicejacking is not just a user threat—it is a design challenge for the electronics ecosystem. Systems can no longer trust what a device claims to be; they must verify who is sending the command. USB and Bluetooth permission flows need secure, spoof-proof visual cues. Biometric confirmation, time delays, and hardened permission pathways can slow down or block automated attacks. The current trust model—where any plugged-in HID is assumed legitimate—is far too vulnerable.
And this is likely only the beginning. As devices become more connected and ports more multifunctional, attackers will find new ways in. Rumours already suggest malicious USB-C cables capable of launching similar attacks while appearing completely normal. Without stronger security, the convenience we rely on today could become tomorrow’s vulnerability.
There is some good news. Android has introduced USB restrictions, though input validation remains weak. Apple’s Lockdown Mode offers partial protection but does not address HID spoofing. Linux tools such as USBGuard show promise but operate only at the software level, leaving hardware exploits untouched. What is really needed is a Trusted HID protocol: a secure, cryptographic handshake between device and host, similar to Bluetooth LE’s encrypted pairing.
Until such standards are adopted, it is up to all of us—designers, OEMs, and users—to stay ahead of the threat. When the attack resembles a charger, the only way to stay safe is to reevaluate trust at every level, including chips, OS, and habits.
The age of blind USB trust is over. Choicejacking does not exploit a bug; it exploits a design assumption. The way forward is a fundamental rethink of how we handle USB input. This is our wake-up call. Whether we are engineers, developers, or simply people charging a phone in an airport lounge, we must not trust the port unless we own it. Smarter systems. Smarter habits. No free passes. In today’s world, the most dangerous cable may be the one that claims it is just charging.
Akanksha Sondhi Gaur is a Senior Technology Journalist at EFY with a German patent to her credit. She has seven years of industrial and academic experience and has penned several research papers.









