
ChoiceJacking Proves iOS and Android Juice-Jacking Defenses Have Been Trivially Bypassed for Years

iOS and Android have long faced a vulnerability known as juice jacking, where simply plugging a phone into a charging cable or kiosk could expose data or run hidden code. Researchers have now revealed that protections put in place over the past decade to curb juice jacking can be bypassed, thanks to a new attack class named ChoiceJacking. The findings show that the underlying USB trust models in mobile operating systems contain weaknesses that adversaries can exploit through malicious chargers. Apple and Google have already responded with updates, but the researchers caution that not all devices are equally protected, especially within the fragmented Android ecosystem. This piece dives deep into what ChoiceJacking is, how it works, the specific techniques involved, which devices are affected, and what users and manufacturers can do to mitigate the risk.

Background: juice jacking, defenses, and the USB trust model

Juice jacking emerged in public awareness more than a decade ago, rooted in demonstrations that a seemingly ordinary charging cable or kiosk could become a gateway to data exfiltration or the execution of malicious software on a connected smartphone. The core idea was simple in concept: transform the charging accessory into a covert data conduit by embedding hardware that could access a device’s internal resources. In practice, attackers would place seemingly legitimate charging stations in public spaces—airports, shopping centers, and other venues—so that unsuspecting users could recharge their batteries while the malicious hardware quietly copied files or installed malware.

To counter this threat, the leading mobile platforms started implementing mitigations that required user interaction before any data exchange could occur. Beginning in 2012, both Apple and Google integrated prompts that asked users to confirm whether a connected device, including one concealing itself as a charger, should be allowed access to files or to run code. This approach rested on a fundamental assumption drawn from USB protocol behavior: a USB connection is structured such that either a host or a peripheral can drive the interaction at any moment, but not both simultaneously. In practical terms for mobile devices, a phone would either host the data access scenario (for example, when a USB drive is plugged in as a peripheral) or would act as a peripheral being accessed by an external host (like a charger that has become a host).

This distinction is central to how defenses were designed. If the phone is the host, it controls which resources are accessible; when an external host, such as a computer or a device masquerading as a charger, attempts to interact with the phone’s data, the user is prompted to approve or deny access. The logic was grounded in established USB specifications that, on the surface, appeared robust: only one device at a time should have control over the data access decision. The defenses were intended to prevent silent, automatic access, forcing user consent whenever a newly connected device appeared to be acting as a host with data access intent.

Yet, a recent line of research from the Graz University of Technology in Austria identified a deep weakness in these mitigations. The researchers showed that the trust models embedded in iOS and Android could be manipulated through input injection or other orchestration tactics that bypass the intended “you must grant access” barrier. In other words, the protections assumed a limited attacker model — one that could not meaningfully inject input at the moment a data connection was being established — but real-world attackers have ways to influence the device’s input independently of the user’s physical actions. The result is a new category of attacks termed ChoiceJacking, which can defeat the earlier juice-jacking mitigations across multiple platforms.

The researchers described ChoiceJacking as a platform-agnostic attack principle with several concrete techniques that work against both Android and iOS devices. They demonstrated that a malicious charger could autonomously spoof user input in a way that enables its data connection to be established, thereby enabling access to sensitive files such as photos, documents, and app data. Their evaluations, based on a custom, inexpensive malicious charger design, indicated that the vulnerability is pervasive enough to affect devices from multiple vendors across the market, even when vendor-specific USB stacks have been customized to improve security. The implications of this work are significant, because they reveal a structural weakness in the USB trust model that is not simply a software bug but a fundamental design tension between the way devices negotiate power delivery, data transfer, and user authentication.

In the wake of these findings, manufacturers have begun to respond. Apple released an update to iOS and iPadOS as part of a recent system update that introduces an additional user authentication requirement — such as a PIN or password — for confirming certain data-access actions. Google implemented a parallel change with the Android platform in a later release, reinforcing the authentication requirement in its updated Android environment. While these mitigations improve protection for devices that are fully updated and that run supported versions, there remains a gap: a portion of the Android ecosystem is not up-to-date with the latest security policies, and some device families do not fully enforce the new authentication requirement even when updated to the latest Android version. This fragmentation means that, in practice, many Android devices continue to be vulnerable to ChoiceJacking despite visible progress in other segments of the market.

In addition to the qualitative risk that ChoiceJacking represents, the researchers note that all three identified techniques defeat the original juice-jacking mitigations. In some cases, one of the techniques extends to compromise protection on Apple devices as well. The common thread across the techniques is that the charger acts as a USB host to trigger the device’s confirmation prompt, and then exploits weaknesses in the device’s OS to inject input events that approve the data connection, or otherwise enables data transfer without the user’s direct consent.

Within this context, it is important to examine the specific attack modalities and their operational steps, because understanding the mechanics is essential for evaluating both risk and defense strategies. In the sections that follow, the focus shifts to the concrete techniques uncovered by the researchers, how they operate in practice, how long they take to execute on common devices, and how the landscape of devices and OS versions influences the practicality and severity of the threat.

ChoiceJacking: a multi-pronged attack that defeats juice-jacking defenses

ChoiceJacking refers to a family of attacks that are designed to bypass the user-consent mitigations that were introduced to counter juice jacking. The researchers describe three concrete attack techniques that work against both Android and iOS, enabling a malicious charger to autonomously spoof user input and establish a data connection to the phone. The central premise of these attacks is that, even when the OS prompts for user confirmation, there are exploitable pathways that a charger can leverage to make the device believe that the user has provided consent — without the user actively tapping the screen or pressing a button in real time.

One of the most consequential observations from the researchers is that these attacks exploit the USB trust model in ways that are not merely a matter of software patches. They argue that the security protections rely on a simplified assumption: once a data connection is being established by a USB host, the user is in a position to confirm or deny the access, and input cannot be injected autonomously by the attacker without triggering a user action. The ChoiceJacking techniques subvert this assumption by introducing an alternate input channel and an automation layer that allows the charger to simulate user input or to cause system actions that mimic user consent. The prompt still appears as it normally would, but the attacker’s device already holds the input sequence needed to satisfy it, so the user’s actual input is unnecessary.

To illustrate the concept, the researchers outline a platform-agnostic attack principle and describe three concrete techniques that apply to both iOS and Android ecosystems. In essence, the first technique enables a malicious charger to autonomously spoof user input that approves a data connection, thereby acquiring access to files on the phone. The second technique leverages a separate channel (for example, a Bluetooth keyboard embedded within the charger) to retain control, enabling data access by entering input that confirms and enables the connection. The third technique involves exploiting a device’s USB Power Delivery negotiation and role-swapping mechanism to reconfigure which device acts as host and which acts as peripheral, all while maintaining the attacker’s control over input. The net effect across all three techniques is the establishment of a robust, bidirectional data-access channel that can persist for the duration of the charging session.

The researchers also emphasize that the attack is not hypothetical. They tested a range of devices to evaluate how these techniques perform in practice. The results showed that the ChoiceJacking methods could grant read and write access to sensitive files on devices across multiple vendors, including the top players by market share, with only minimal time required to establish the initial foothold. In practical terms, on the majority of the tested devices, establishing Bluetooth pairing and triggering the data-access state takes roughly 25 to 30 seconds, depending on the phone model. Once connected, the attacker maintains access for as long as the charger remains attached, enabling data exfiltration or modification at will. The researchers note that one Android device from a popular OEM family running a particular custom skin did not fully support the USB PD protocol in a way that allowed the attack to complete, but this was an exception rather than the rule among the tested devices.

These insights have important implications for how device manufacturers, software vendors, and users should think about USB trust and data-access controls. They show that while the prompt-based mitigation can be effective against straightforward, user-driven data access, a determined malicious charger can take advantage of the interaction’s timing, device-specific behaviors, and system-level workflows to surreptitiously achieve data access. The result is a broader caution: even with modern safeguards, the USB ecosystem contains openings for attackers that require a multi-layered defensive approach beyond simple prompts.

The three concrete techniques in detail

The first technique centers on a charger that starts as a USB keyboard or similar input device. By sending keyboard input, the charger can manipulate the phone’s user interface to enable data access without the user’s direct participation. The charger then establishes a secondary connection — in this case, a Bluetooth keyboard inside the charger — and leverages USB Power Delivery to perform a data-role swap that makes the charger the USB host again, while the phone becomes the USB device. In this configuration, the charger can trigger the required data-connection prompt and approve it through its Bluetooth input channel, so the user never needs to interact with the prompt. The result is a steady, bidirectional data channel between the device and the charger, enabling read and write access to the user’s files.

The second technique relies on a cross-channel approach that uses the Android Open Accessory Protocol (AOAP). AOAP enables a USB host to act as an input device under certain conditions, but the researchers found that some devices accepted AOAP messages even when the host had not been placed into accessory mode. This oversight allows the charger to push a sequence of input actions that bypass the intended restriction, effectively auto-confirming the required prompts and enabling the data connection to proceed without explicit user consent.

The third technique exploits a race condition in the Android input dispatcher. The input dispatcher queues events and processes them sequentially, waiting for one event to be fully processed before starting the next. A malicious charger can flood the queue with a carefully crafted sequence of key events, temporarily delaying the dispatching of subsequent events and allowing the charger to switch from a peripheral to a host role while the device is still busy processing the attacker’s events. This timing vulnerability lets the charger push through the data-connection confirmation without the user actively engaging with the prompt.

Across these approaches, the attackers’ objective is twofold: to obtain a reliable input channel that can spoof user consent and to establish a data-access channel that enables file exfiltration or manipulation. In the three-pronged attack model, the attackers achieve both goals by leveraging a combination of input control and USB data pathways that ultimately allow them to access the device’s stored data.

The practical steps and device behavior observed in testing

The USENIX paper detailing ChoiceJacking provides a sequence of steps that an attacker would follow to execute the attack. While the exact sequence is technical, the core flow can be summarized as follows: first, the victim’s device is connected to a malicious charger while the phone screen is unlocked. The charger then performs a USB Power Delivery data-role swap, causing the phone to assume host status and the charger to become an input device. The charger ensures Bluetooth is enabled, navigates to the Bluetooth pairing settings, and begins advertising itself as a Bluetooth input device. The charger scans for newly discoverable Bluetooth devices, identifies the victim device, and initiates pairing. The charger, acting as a USB input device, accepts the pairing confirmation that appears on screen, establishing a Bluetooth link with the phone. The charger then performs another USB PD data-role swap, returning to the USB host role while the victim device becomes the USB device. Finally, the charger initiates the data connection and uses its Bluetooth input device to confirm the connection, thereby granting the malicious charger read and write access to the device’s files for as long as the charger remains connected.

During testing, the researchers found that the technique worked against all but one of the 11 phone models evaluated. The lone exception was an Android device running a variant of Vivo’s Funtouch OS, which did not fully support the USB PD protocol in the way required for the attack. For the remaining 10 models, the Bluetooth pairing could be established within roughly 25 to 30 seconds, with the attacker gaining the ability to read and write to the device’s file system for the duration of the charging session. The rapid establishment of this foothold highlights the ease with which a malicious charger could compromise a device in a public setting.

In addition to the first attack vector, the researchers described two other methods that specifically target Android devices and defeat the earlier Android mitigations or rely on Android’s own input-handling weaknesses. The AOAP-based approach shows that certain Android devices could be coaxed into accepting input that would bypass the confirmation requirements. The race-condition approach demonstrates that the input dispatcher could be overwhelmed with crafted events, causing a delay or misinterpretation of core prompts when the charger switches roles during the session. Together, these methods expand the attack surface beyond the original juice-jacking mitigations and illustrate a broader threat posed by ChoiceJacking.
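The following is an added example, not code from the paper or from either platform: it models the consent flow the steps above describe as a short event log (constructed here; the event names are hypothetical, not real Android or iOS log formats) and shows two defender-side checks. The first check applies the prompt-only policy beside the PIN-or-password policy Apple and Google have since adopted; the second is detection logic that flags consent arriving from an input source the charger could control, or following the two PD role swaps and HID attach within the roughly 30-second window the researchers measured.

```python
"""Model of the USB data-access consent flow and a detector for the
ChoiceJacking event sequence. All log lines are constructed for this
example; event names are hypothetical, not Android or iOS log formats."""
import re
from dataclasses import dataclass


@dataclass
class Event:
    t: float        # seconds since the USB cable was attached
    name: str
    attrs: dict


LINE_RE = re.compile(r"^(?P<t>\d+(?:\.\d+)?)\s+(?P<name>\w+)(?P<rest>.*)$")

# Only the phone's own touchscreen is treated as a trusted consent source.
# A HID device on the same USB link, or a Bluetooth keyboard paired during
# the session, are exactly the channels a malicious charger controls.
TRUSTED_CONSENT_SOURCES = {"touchscreen"}


def parse_log(text: str) -> list:
    """Parse constructed '<t> <event> key=value ...' lines into Event objects."""
    events = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
        events.append(Event(float(m.group("t")), m.group("name"), attrs))
    return events


def consent_decision(events: list, require_auth: bool) -> str:
    """Return 'granted' or 'denied' for the data connection.

    require_auth=False models the older prompt-only mitigation: any
    data_confirm after a data_prompt is accepted, whatever produced it.
    require_auth=True models the added PIN/password requirement: an auth_ok
    must occur between the prompt and the confirmation."""
    prompted = authed = False
    for ev in events:
        if ev.name == "data_prompt":
            prompted, authed = True, False
        elif ev.name == "auth_ok" and prompted:
            authed = True
        elif ev.name == "data_confirm" and prompted:
            return "denied" if require_auth and not authed else "granted"
    return "denied"


def detect_choicejacking(events: list, window: float = 30.0) -> list:
    """Flag consent that the charger, rather than the user, likely produced.

    At each data_confirm two signals are checked: the input source is not the
    touchscreen, and at least two USB PD data-role swaps plus a HID attach
    occurred within `window` seconds (the host -> input device -> host dance)."""
    findings = []
    swap_times = [ev.t for ev in events if ev.name == "pd_dr_swap"]
    hid_seen = any(ev.name == "hid_attach" for ev in events)
    for ev in events:
        if ev.name != "data_confirm":
            continue
        src = ev.attrs.get("source", "unknown")
        if src not in TRUSTED_CONSENT_SOURCES:
            findings.append(f"{ev.t:.1f}s: data access confirmed by untrusted input source '{src}'")
        recent = [s for s in swap_times if ev.t - window <= s <= ev.t]
        if len(recent) >= 2 and hid_seen:
            findings.append(f"{ev.t:.1f}s: {len(recent)} PD role swaps and a HID attach within {window:.0f}s of consent")
    return findings


# Constructed log mirroring the step sequence from the write-up (timings invented).
MALICIOUS_LOG = """
0.0 usb_attach
0.5 screen_unlocked
1.0 pd_dr_swap phone_role=host
1.5 hid_attach transport=usb
4.0 bt_enable source=usb_hid
8.0 bt_pair_request peer=charger
9.0 bt_pair_confirm source=usb_hid
12.0 hid_attach transport=bt
13.0 pd_dr_swap phone_role=device
14.0 data_prompt
15.0 data_confirm source=bt_hid
"""

# Constructed log of a user approving a trusted computer and entering a PIN.
BENIGN_LOG = """
0.0 usb_attach
2.0 data_prompt
5.0 auth_ok method=pin
5.5 data_confirm source=touchscreen
"""

if __name__ == "__main__":
    for label, log in (("malicious charger", MALICIOUS_LOG), ("user-approved", BENIGN_LOG)):
        evs = parse_log(log)
        print(label, "| prompt-only:", consent_decision(evs, False),
              "| authenticated:", consent_decision(evs, True))
        for finding in detect_choicejacking(evs):
            print("   ", finding)
```

The prompt-only policy grants the malicious session while the authenticated policy denies it, and the detector reports two findings for the malicious log and none for the benign one.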

Device and vendor landscape: who is patched, who remains vulnerable

In response to the ChoiceJacking findings, vendors have taken steps to strengthen protections. Apple has updated its iOS and iPadOS line to require user authentication, such as a PIN or password, to complete certain data-access actions following the establishment of a data connection. This change is designed to ensure that even if an attacker can spoof input or manipulate prompts, the user’s authentication remains essential to granting access to the device’s data. Google has implemented a corresponding update for Android devices, reinforcing the authentication requirement with Android 15. These changes are significant because they demonstrate the industry’s recognition of the vulnerability and the need to raise the bar for access to the device’s data.

However, the researchers note that the degree of protection in practice depends heavily on the extent to which devices receive and enforce these new policies. Android, in particular, is highly fragmented, with dozens of manufacturers and customized software layers. The authors point out that many devices from manufacturers other than the two major players have yet to upgrade to Android 15 or to fully implement the new authentication requirement. Among the major OEMs, Samsung devices running One UI 7 may not consistently enforce the new authentication standard, which leaves a broad swath of Android devices vulnerable to ChoiceJacking despite the availability of updated software. This fragmentation means that while flagship devices from Apple and Google are largely protected when fully updated, a large portion of the Android landscape remains at risk, particularly devices that do not receive timely or complete security updates.

The research also notes that one particular Vivo Android device with a Funtouch OS variant did not fully support the USB PD protocol, making it resistant to the exact form of ChoiceJacking demonstrated in the tests. That said, this was a single holdout among 11 devices tested, and the general finding remains that most modern Android and iOS devices are susceptible to at least some ChoiceJacking technique unless they have implemented the new authentication regime or additional mitigations that block these attack patterns.

From a policy and risk-management perspective, there is a tension between user convenience and stronger security controls. The authors emphasize that the core problem is not simply a programming error but a deeper issue in the USB trust model used by mobile operating systems. Adopting stronger protections often requires changes to user experience, potentially slowing the process of establishing data connections in certain scenarios. This friction is likely a major reason why some manufacturers have been cautious about implementing the new authentication requirements across all devices and markets. But in light of ChoiceJacking’s demonstrated ability to bypass older protections, the industry now faces a choice: sacrifice some degree of user convenience to significantly bolster security, or continue to rely on prompts that can be subverted by sophisticated attackers.

The researchers have recorded CVE identifiers for the vulnerabilities tied to specific products from the major players: Apple, Google, Samsung, and several other manufacturers. These identifiers help track the known vulnerabilities and patch histories, but the broader takeaway is that the weakness lies in the USB interaction model across many devices and that progress is uneven across vendors. While Google reported that the weaknesses were addressed in Android 15, the landscape remains uncertain for devices from other manufacturers and for devices that do not receive regular updates. The security community, in turn, is calling for a more comprehensive approach to USB trust that minimizes the possibility of input spoofing and eliminates the potential for automatic data access in charging contexts.

Mitigations, practical guidance, and what users should do now

The emergence of ChoiceJacking has prompted both platform owners and device manufacturers to reexamine their defensive posture and consider additional safeguards. Apple’s iOS 18.4 update adds an authentication requirement for confirming data access, reinforcing the idea that the device should not simply assume user consent based on a prompt’s presence. Google’s Android 15 update similarly reinforces the authentication requirement, but the effectiveness of these protections depends on device-level adoption, OS version, and OEM customization. For end users, the immediate takeaway is to ensure devices are kept up to date with the latest official updates from the device’s manufacturer, particularly Android devices from major OEMs that may lag behind in policy enforcement due to fragmentation.

Users should also be mindful of public charging environments, which remain a practical risk vector for USB-based data access. The researchers note that while data blockers and power-only cables can provide a mitigation by disabling data lines during charging, these approaches can interfere with modern power negotiation mechanisms and potentially affect charging speeds. Nevertheless, in public settings, such devices can still offer a meaningful layer of protection by preventing data transfer while allowing power delivery to proceed. The broader security message is that relying on a prompt alone is no longer sufficient in many environments; a combination of device updates, hardware-based blockers or specialized cables, and careful charging practices should be considered part of a layered defense strategy.

Another critical area of focus is developer and user education around USB debugging. The researchers emphasized that USB debugging is a common configuration that can inadvertently leave devices exposed to high levels of access, especially when devices are connected to development rigs or when users enable debugging for riskier purposes. For devices that have USB debugging turned on, ChoiceJacking can be extended to gain shell access via tools such as the Android Debug Bridge (adb). This adds yet another incentive to keep debugging disabled unless explicitly required for a legitimate development scenario, and to enforce strict controls around which devices can interact with a phone in debugging mode. The combination of software updates and best-practice device configuration can significantly reduce the risk posed by ChoiceJacking.

In addition to these immediate steps, users and organizations should watch for ongoing guidance from device manufacturers and security researchers. The core takeaways center on adopting a multi-layered security approach that combines updated authentication requirements, hardware-based protections where available, careful management of developer options, and thoughtful charging practices in public spaces. As the ecosystem evolves, further refinements to the USB trust model and associated user-validation mechanisms are expected, with the potential for more rigorous on-device policy enforcement and better isolation between charging functionality and data access controls.

Technical glossary and deeper explanations of key concepts

To help readers understand the core ideas behind ChoiceJacking and its relation to juice jacking, here is a concise glossary of terms and concepts that appear repeatedly in the discussion:

  • Juice jacking: A class of attacks where charging infrastructure or cables covertly accesses or compromises data on a connected device while supplying power.
  • ChoiceJacking: A new family of attacks that bypass juice-jacking mitigations by exploiting OS trust models and input pathways to spoof user consent and establish data access through a malicious charger.
  • USB host vs. peripheral: In USB terminology, the host is the controlling device that manages data transfers and power delivery, while the peripheral is the device being accessed. The USB standard allows transitions between roles, which can be exploited.
  • USB Power Delivery (USB PD): A flexible protocol that negotiates power levels and roles between USB devices, including data role swaps where a device can switch between hosting and being hosted.
  • Data Role Swap (DR Swap): A mechanism within USB PD that allows devices to swap their roles as host and device during a connection, enabling new control dynamics for data exchange.
  • AOAP (Android Open Accessory Protocol): A protocol that enables a USB host to function as an input device under certain circumstances, with the potential to disrupt standard data transfer flows if not properly constrained.
  • OS input dispatcher: The OS subsystem that handles input events (such as key presses and taps) and routes them to the appropriate applications or system settings.
  • Bluetooth pairing: The process by which devices establish a Bluetooth connection and exchange keys to enable two-way communication.
  • Lockscreen and user authentication: Security measures like PIN, password, fingerprint, or facial recognition required before accessing or confirming sensitive operations on a device.
  • One UI and other OEM skins: Manufacturer-specific user interfaces layered on top of the base Android OS, which can affect how security features are implemented or enforced.
  • Funtouch OS: Vivo’s Android-based user experience, noted in testing as not fully supporting a particular USB PD protocol behavior in one device variant.
  • CVE identifiers: Common Vulnerabilities and Exposures numbers used to track reported security flaws. While they help track issues, the broader discussion focuses on the systemic risk of USB trust models beyond a single CVE.

What this means for the future of mobile USB security

The ChoiceJacking findings highlight a critical challenge for mobile device security: robust data protection in the context of a highly interconnected and everyday charging ecosystem requires more than prompt-based confirmation. The USB ecosystem intertwines power negotiation, device role assignments, and user authentication in ways that can be manipulated by adversaries who control the charger. The fact that multiple attack pathways can bypass previously deployed protections indicates a need for a more holistic approach to USB trust, one that includes stronger end-to-end protections, device-specific enforcement, and consistent cross-vendor adoption of secure defaults.

Moving forward, we can anticipate several potential directions. First, device manufacturers are likely to pursue deeper integration of authentication requirements into the data-access workflow, ensuring that even if an attacker can spoof prompts, access cannot be gained without explicit user verification or hardware-based attestation. Second, there could be an emphasis on isolating charging hardware from data access channels, perhaps through stricter segmentation of USB roles or through hardware that physically blocks data lines unless explicitly authorized. Third, a broader push for standardization across the Android ecosystem could reduce fragmentation, ensuring consistent behavior and enforcement of security policies across devices, including those from smaller OEMs.

Public awareness will also play a crucial role. As the risk of ChoiceJacking becomes better understood, users may adopt safer charging practices, such as using data-blocking or power-only cables in public spaces and verifying device updates before connecting to public charging stations. Security researchers and industry groups may collaborate on best practices for USB trust models, with the aim of minimizing the risk of input spoofing and other forms of attack while preserving the usability that users expect from modern charging experiences.

Conclusion

ChoiceJacking represents a notable shift in the threat landscape around public charging and USB data access. By exploiting the trust models that underpin iOS and Android and by leveraging a combination of input spoofing, data-role manipulation, and cross-channel coordination between USB and Bluetooth subsystems, attackers can defeat earlier juice-jacking mitigations on a broad swath of devices. Apple and Google have responded with updates that strengthen authentication requirements, but the real-world effectiveness of these mitigations depends on complete and timely deployment by device manufacturers, particularly within the Android ecosystem’s fragmented landscape. For end users, the immediate practical advice is to keep devices up to date with official security patches, use caution in public charging environments, consider data-blocking or power-only solutions where appropriate, and review development settings such as USB debugging to minimize unnecessary exposure.

As researchers continue to refine their understanding of ChoiceJacking and as device-makers evolve their security models, the security community will likely see a continuing emphasis on robust, layered defenses that reduce the risk of unauthorized data access via charging infrastructure. The evolving story underscores the importance of proactive security design that anticipates attacker capabilities and seeks to harden the USB trust framework against both current and emergent threats.