A decade-long effort to harden mobile devices against “juice jacking” has revealed a fundamental flaw in the defenses that were meant to block covert data exfiltration when phones are charged at public stations. Researchers have disclosed a new class of attacks, dubbed ChoiceJacking, that bypasses existing safeguards by exploiting how users authorize access, and how USB trust models interact with modern iOS and Android operating systems. While Apple and Google have already updated some protections, the broader Android ecosystem remains exposed on many devices, and the threat extends beyond simple data theft to potentially enabling full control over a phone’s data channels. The emergence of ChoiceJacking underscores a tension between user convenience and robust security, illustrating that even well-intentioned security prompts can be subverted when the underlying trust assumptions in USB communications are challenged. This evolving story highlights why tech users should reassess the risks of public charging stations and why ongoing device updates and vendor accountability remain critical in the mobile security landscape.
Background: From juice jacking to contemporary threats
Juice jacking is a concept that gained public attention around 2011 after a KrebsOnSecurity article described an attack demonstrated at the Defcon security conference. The core idea was starkly simple yet alarming: a charging station or cable could be weaponized with hidden hardware to access files on a connected phone or to run code behind the user’s back, all while the device appeared to be merely drawing power. The model relied on the physical interface of USB, which provides both power and data pathways. An attacker could place a malicious charger in public venues such as airports or shopping centers, making it easy for unsuspecting users to recharge their phones while inadvertently exposing sensitive data or enabling code execution.
In response to these concerns, major mobile platform developers began implementing mitigations designed to require explicit user consent before a computer or a USB-connected device could access data on the phone. Starting in 2012, Apple and Google implemented prompts that required users to confirm whether to grant access to files or to run code when a USB connection was detected. This approach relied on a key principle of the USB protocol: a device on a USB bus can act as a host or as a peripheral, but typically not both simultaneously. In the phone context, the intent was that the phone would function as the host when interacting with a peripheral like a USB drive, but would behave as a peripheral when connected to a computer or a charger masquerading as a host.
Despite these mitigations, researchers have identified that the foundational trust models baked into iOS and Android contain exploitable loopholes. The practical implication is that even when a user sees a prompt asking for consent, there are pathways for a charger to autonomously influence the device—enter ChoiceJacking, a platform-agnostic attack approach that undermines the presumed security of the prompt and the data access controls. The Graz University of Technology researchers who introduced ChoiceJacking have argued that the long-standing assumption—that an attacker cannot inject input events while a data connection is being established—does not hold in real-world practice. This disconnect between theoretical protections and practical implementation created the breach that ChoiceJacking exploits.
In their Usenix Security Symposium paper, the researchers emphasized that ChoiceJacking is platform-agnostic in principle and described three concrete attack techniques that work against both Android and iOS devices. Their evaluation, which involved a deliberately inexpensive malicious charger, revealed that the attacks could grant access to sensitive user data across multiple vendors and device families. The key takeaway is that the trusted user prompt, and the device’s associated confirmation flow for beginning a data transfer, can be bypassed by a malicious charger that can autonomously inject input events and manipulate screen prompts to gain approval or to proceed with the data connection. The discovery raised questions about the strength of the USB trust model used by mobile operating systems and highlighted that device fragmentation—the existence of many different hardware and software configurations—can complicate uniform protection.
The researchers also noted that this vulnerability undermines not only the historical juice-jacking defenses but also the newer measures that rely on user confirmation. In other words, even though the prompt exists to prevent unauthorized file access, the prompt itself can be manipulated by a compromised charger that has established a data connection and, crucially, has found ways to inject input to simulate user actions without direct involvement from the device owner. The overarching message is clear: the threat is not merely about plugging in at a charging station but about the deeper, systemic trust relationships that govern how USB devices interact with modern mobile OS stacks.
The USB trust model and the emergence of ChoiceJacking
At the heart of ChoiceJacking lies a vulnerability in the USB trust model that governs how devices establish control and permissions during a connection. The USB specification describes a host-device relationship in which one end takes control (the host) and the other end acts as a subordinate peripheral. In the mobile ecosystem, this means a phone can act as the host when a USB device such as a flash drive or keyboard is connected, or it can act as a peripheral when connected to a computer. The intended boundary is that the device owner should decide whether to grant access to the host’s resources by approving a prompt.
Researchers from Graz University of Technology demonstrated that certain assumptions underlying the protection logic are not robust in practice. Specifically, they argued that the model presumes attackers cannot inject input events while a data session is being established, and that the OS could reliably enforce the user’s explicit consent in these scenarios. However, their findings show that a charger can be engineered to function as a USB host or peripheral depending on the phase of the data exchange, and it can also coordinate with a secondary channel (such as Bluetooth) to supply alternate input channels that simulate user approvals. In other words, ChoiceJacking exploits the multi-channel nature of modern devices (USB, Bluetooth, wireless authentication flows) to create a composite attack that makes the consent flow self-confirming, effectively bypassing the safety prompts.
The Usenix paper lays out a platform-agnostic principle and describes three concrete attack techniques that enable a malicious charger to autonomously spoof user input and establish a data connection. The researchers stress that, even with vendor-specific USB stacks and enhancements, ChoiceJacking demonstrates an alarming level of vulnerability across devices from numerous vendors and a broad range of hardware configurations. The study also emphasized that the USB security landscape remains precarious, even though there have been incremental improvements from both Apple and Google as mitigations were introduced in later OS versions. The core problem identified by the researchers is that trust in USB data pathways is distributed across devices, protocols, and user interaction models, and a single compromised element can undermine the entire protective stack.
If the USB Data Role Swap and related power-delivery negotiations are leveraged, a charger could, in principle, transition a connected device through a series of steps that enable two critical channels for the attacker: (1) an input channel capable of spoofing user consent and (2) a data channel allowing file access. The described attack sequence hinges on a dynamic reconfiguration of USB roles (Data Role Swap) and the use of Bluetooth input devices to control the phone temporarily, thereby bypassing an on-screen confirmation and enabling the attacker to proceed with the data connection. This is a departure from the simpler “press OK” prompt scenario and demonstrates how interleaved hardware-level actions can subvert security controls that depend on user interaction alone.
The three concrete attack techniques that bypass juice-jacking mitigations
ChoiceJacking encompasses three distinct techniques that were designed to defeat the standard juice-jacking mitigations implemented by iOS and Android, capturing the imagination of researchers because they demonstrate how a charger can actively participate in the interaction flow to undermine security. Each technique relies on different hardware- and software-level manipulations to achieve the same end: autonomous access to user files and data without requiring the victim’s explicit consent on each step.
- The keyboard-input-and-data-channel technique (the “keyboard host” variant)
- In this approach, the malicious charger begins as a USB keyboard or similar peripheral. It sends lightweight keyboard inputs via USB, such as basic arrow keys, tabbing, or more complex key combinations that trigger specific settings or reveal status information on the device’s screen. A second miniature keyboard hidden inside the charger communicates with the phone over Bluetooth and works in concert with the USB keyboard input, giving the charger a coordinated second control path.
- The charger leverages USB Power Delivery (USB PD) and the Data Role Swap mechanism to change the device’s role: the victim device becomes a USB host, the charger becomes an input device. In parallel, the charger reconfigures its internal channels so that the Bluetooth keyboard remains connected to the victim device, thereby providing a second input path that can confirm prompts or navigate menus.
- Once the input channel is established and the device is acting as the host, the charger navigates to settings that permit Bluetooth pairing, makes the device discoverable, and initiates pairing. The attacker then uses the Bluetooth input to approve the pairing and maintain control.
- After the pairing is established, the charger performs another Data Role Swap to make the charger the USB host while the phone becomes the USB device. In this role, the charger can begin a data connection, and the Bluetooth input device can confirm the data connection on the phone.
- The result is that the charger gains both an input channel that can simulate user consent and a data channel enabling file access. This technique proved effective against a broad set of devices: all but one of the tested models met the conditions for the attack, the exception being an Android device running Vivo Funtouch OS, which did not support the USB PD protocol in the way the attack requires. In practical terms, the Bluetooth pairing often completed within 25 to 30 seconds, though this timing varied by device.
- The Android AOAP-based technique (Android Open Accessory Protocol misuse)
- The second method exploits the Android Open Accessory Protocol (AOAP), which allows a USB host to act as an input device when the host sends a specific message that places the device into accessory mode. The protocol’s intention is to enable peripheral devices to access certain capabilities when connected to a host, but not to allow continuous or autonomous confirmation actions.
- The attacker’s charger uses AOAP to trigger a state in which the USB host can act as an input device, effectively bypassing prompts or confounding the normal access flow. The critical flaw is that the AOAP implementation on many Android devices does not strictly enforce the boundary that should prevent the host from issuing control commands that the user would normally approve, leading to a mismatch between intended policy and actual behavior.
- The consequence is that a charger can autonomously perform the required confirmations for data access by issuing input events and accepting file transfer actions without requiring direct, explicit user approval for each operation. This technique demonstrates how a protocol-level misalignment can be exploited to re-establish control of the interaction flow in a way that is not easily mitigated by conventional prompts.
- The race-condition-based technique (Android input-dispatcher vulnerability)
- The third method targets a race-condition vulnerability in the Android input dispatcher. The input dispatcher processes events by placing them in a queue and handling them sequentially. If the logic associated with key events becomes overly complex, it can delay event processing for other processes.
- A malicious charger can flood the input queue with a crafted sequence of key events, effectively saturating the dispatcher. The attacker then switches the USB interface from peripheral to host while the device remains busy processing the attacker’s events. In this window, prompts for data connections may be accepted by the device due to delayed or mis-timed event handling.
- As a result, the charger’s input events can secure user consent for the data connection without the user actively confirming it, enabling access to the device’s data and associated resources while the device is still processing or the user is otherwise occupied. This technique extends beyond simple prompt bypassing because it manipulates the OS’s event processing pipeline itself.
Together, these three techniques demonstrate that ChoiceJacking is not a single flaw but a family of attack patterns that exploit how input, prompts, and data connections are orchestrated within the OS and across USB and wireless interfaces. The attackers’ ability to establish two channels—one for spoofed input and one for data access—means that a charger can covertly enable data exfiltration or more extensive access once initial trust has been established.
Two additional Android-specific techniques and their implications
Beyond the three core ChoiceJacking techniques that affect both iOS and Android, researchers identified two Android-specific attack methods that exploit particular implementations of vendor USB stacks and OS prompts. These techniques target the remnants of earlier juice-jacking mitigations and leverage Android’s unique handling of accessory mode and input management to broaden the attack surface.
- AOAP-based Android technique (focused on Android devices)
- As described above, this method uses AOAP to command a host to act as an input device and to bypass the user-consent step. The critical problem lies in inconsistent adherence to the protocol’s boundaries across different Android devices and manufacturers. While Google’s approach to mitigate such threats with the Android 15 update aimed to standardize user authentication requirements, device fragmentation means that not all Android devices have uniformly adopted the new policies.
- The AOAP variant underscores a broader issue: even if a standardized feature exists at the OS level, the actual implementation across a diverse ecosystem of manufacturers can vary. If a device’s USB stack or accessory handling diverges from intended behavior, the risk of a charger exploiting AOAP messages increases, making it more challenging for users to rely on a single, universal protection.
- Input-dispatcher race-condition Android technique (ongoing OS-level risk)
- The race-condition approach demonstrates that a mismanaged event queue and a heavy key-event handler can create timing windows in which a malicious accessory can sneak in user consent or data access steps. The attacker’s ability to flood the event queue and then switch roles between host and peripheral to exploit delayed processing shows a fundamental weakness in how Android’s input system handles high-frequency or complex input sequences from non-standard devices.
- This technique is particularly concerning because it highlights how even legitimate features—such as the prompt for data transfer and the ability to pair Bluetooth devices—can be subverted when OS-level event handling is susceptible to timing-based exploitation. The result is a more nuanced and broader threat surface on Android devices.
In practice, the Usenix study presents a matrix that maps tested devices to the vulnerabilities they were susceptible to across the three ChoiceJacking attack techniques. The results showed that most tested devices were vulnerable to at least one of the three methods, with the Vivo Funtouch OS Android device standing out as an exception due to its partial lack of support for the USB PD protocol as required by the attack chain. The remaining ten devices tested were vulnerable to the suite of ChoiceJacking techniques, and the time to establish a Bluetooth pairing typically fell in the 25–30 second range, varying by device. Once connected, attackers could read and write data on the device for as long as the charger remained plugged in.
Updates, mitigations, and the current security posture
The researchers stated that the mitigations implemented by Apple and Google do blunt ChoiceJacking attacks on devices that have fully updated software stacks. In particular:
- Apple rolled out iOS and iPadOS 18.4, which strengthen the authentication requirement for USB data access by requiring the user to authenticate with a PIN or password before copying data or granting access to files. This additional layer of authentication makes it significantly harder for a charger to spoof user input and bypass prompts.
- Google released Android 15 with a more robust authentication model aimed at ensuring that a user must confirm, with some form of authentication, any data-transfer operation initiated via USB. The researchers noted that these changes effectively blunt the ChoiceJacking technique on fully updated devices.
- However, device fragmentation within the Android ecosystem remains a challenge. Many Android devices from various manufacturers have not updated to Android 15 or have not implemented the new authentication workflow as part of their skin or customization layer (for example, some Samsung devices running One UI 7 do not enforce the new authentication requirement even when on Android 15). The practical consequence is that a sizeable share of Android devices remains susceptible to ChoiceJacking.
The researchers also highlighted that the biggest threat remains on devices configured with USB debugging enabled. USB debugging is a development feature that some users enable to troubleshoot apps, transfer data, root devices, or install alternative operating systems. When USB debugging is on, an attacker can gain shell access via the Android Debug Bridge, install apps, access the file system, and execute malicious binaries. This level of access far exceeds what PTP (Picture Transfer Protocol) and MTP (Media Transfer Protocol) can offer in terms of read or write access to system files, and thus the risk profile is much higher for devices that have USB debugging enabled. The vulnerabilities have been cataloged under a set of CVEs: Apple’s CVE-2025-24193; Google’s CVE-2024-43085; Samsung’s CVE-2024-20900; Huawei’s CVE-2024-54096. A Google spokesperson indicated that these weaknesses have been patched in Android 15, but the status of devices from other manufacturers remains uncertain because updates are not uniformly implemented or deployed. Apple declined to comment.
In the broader security discourse, the updates to the iOS and Android platforms have spurred renewed caution around public charging stations. There has been renewed emphasis from federal authorities, tech pundits, media outlets, and state and local agencies on avoiding public USB charging stations and using data-blocking cables or power-only adapters when possible. While many experts acknowledge that data-blocking cables can degrade charging speed because they interfere with modern power-negotiation schemes, the researchers emphasized that this is a practical compromise that can reduce the risk of data exposure at public charging kiosks. The concern is particularly pronounced for Android devices that have not adopted Google’s new authentication requirements or for devices that remain vulnerable due to manufacturer-specific implementations and firmware updates.
One of the more controversial takeaways in public and policy discourse is the balance between device usability and security. The researchers noted that the friction introduced by stronger authentication prompts—such as requiring a PIN or biometric authentication before data access is allowed—can slow down legitimate workflows and complicate user experiences. This friction is likely a primary reason for the slow uptake of changes across all Android devices. As one of the paper’s lead authors explained, the problem is not merely a programming error but calls for a fundamental rethinking of the USB trust model in mobile operating systems. The trade-off is a more secure system at the potential cost of usability for everyday users who rely on quick and seamless charging at public venues.
Real-world impact, risk assessment, and practical guidance
Despite the alarming nature of ChoiceJacking, the researchers were careful to note that there have been no documented cases of these attacks in the wild to date. This absence of observed exploitation is not unusual for sophisticated, condition-reliant exploits that require specific hardware configurations and a confluence of OS-level behaviors. Nevertheless, the potential risk is sufficiently credible to warrant serious consideration by both users and device manufacturers. The threat landscape for public charging environments remains dynamic, especially given that many devices may not yet be patched or configured to fully implement the new security requirements.
The most significant risk remains for devices that are susceptible to USB-based attack vectors and that have USB debugging enabled. In such configurations, attackers can gain elevated access and potentially carry out more harmful actions than mere data exfiltration. The authors of the Usenix study warn that they see a fundamental shift in how USB trust relationships should be designed and enforced in mobile systems. The current models, they argue, rely heavily on prompt-based user consent, which, as ChoiceJacking demonstrates, can be insufficient if an attacker can inject inputs or manipulate the prompt flow.
From a consumer perspective, a practical takeaway is to exercise caution when using public charging stations and to consider the following best practices:
- Use power-only charging cables or data-blocking cables at public charging stations to prevent data transfer while charging.
- Disable USB debugging on devices, especially for users who do not require it for routine operations.
- Ensure devices are updated to the latest OS versions that implement stronger authentication for USB data access (iOS 18.4+ and Android 15+ are the examples cited by researchers).
- Be aware that device manufacturers and OS vendors have different update cadences, so even devices that are capable of applying updates may not receive them promptly.
- For users who must charge in public places, consider alternative charging methods, such as portable power banks, or charging from a trusted source.
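The checklist above can be turned into a quick self-audit. The following is an added example, not code from the researchers, Google or any vendor: it scores the output of `adb shell getprop` and `adb shell settings get global adb_enabled` against the article's criteria (OS older than Android 15, USB debugging enabled, and Samsung One UI 7 builds reported not to enforce the new authentication step). The sample outputs embedded in it are constructed, and the property names `ro.build.version.release` and `ro.product.manufacturer` are the standard Android ones, assumed to be present on the audited device.

```python
"""Exposure check for ChoiceJacking-style USB attacks on an Android device.
Added example; not code from the researchers, Google or any vendor. It scores
`adb shell getprop` and `adb shell settings get global adb_enabled` output
against the article's criteria. The sample outputs below are constructed.
"""
import re
from dataclasses import dataclass, field

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    severity: str
    message: str


@dataclass
class Assessment:
    android_release: str
    manufacturer: str
    adb_enabled: bool
    findings: list = field(default_factory=list)

    @property
    def risk(self) -> str:
        """Overall risk is the worst individual finding, or 'low' if none."""
        if not self.findings:
            return "low"
        return max(self.findings, key=lambda f: SEVERITY_RANK[f.severity]).severity


def parse_getprop(text: str) -> dict:
    """Parse getprop's `[key]: [value]` lines into a dict."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"^\[([^\]]+)\]: \[([^\]]*)\]\s*$", text, re.M)}


def major_version(release: str) -> int:
    """'15' -> 15, '14.0.1' -> 14; anything unparsable -> 0."""
    m = re.match(r"\s*(\d+)", release)
    return int(m.group(1)) if m else 0


def assess(getprop_text: str, adb_enabled_text: str) -> Assessment:
    """Apply the article's exposure criteria to one device's adb output."""
    props = parse_getprop(getprop_text)
    release = props.get("ro.build.version.release", "")       # standard property
    maker = props.get("ro.product.manufacturer", "").lower()  # standard property
    adb_on = adb_enabled_text.strip() == "1"   # `settings get` prints 1, 0 or null
    a = Assessment(release, maker, adb_on)
    if adb_on:
        a.findings.append(Finding("high",
            "USB debugging is enabled: a charger that wins the consent prompt "
            "gets ADB shell, app-install and file-system access"))
    if major_version(release) < 15:
        a.findings.append(Finding("medium",
            f"Android {release or 'unknown'} predates the Android 15 "
            "authentication requirement for USB data access"))
    elif maker == "samsung":
        a.findings.append(Finding("medium",
            "Android 15 on Samsung: some One UI 7 builds reportedly skip the "
            "new authentication step; confirm the prompt behaviour by hand"))
    return a


# Constructed sample outputs: a patched device and an older one with USB debugging on.
SAMPLE_GETPROP_PATCHED = "[ro.build.version.release]: [15]\n[ro.product.manufacturer]: [Google]\n"
SAMPLE_GETPROP_OLD = "[ro.build.version.release]: [13]\n[ro.product.manufacturer]: [samsung]\n"

if __name__ == "__main__":
    for name, props, adb in (("patched", SAMPLE_GETPROP_PATCHED, "0\n"),
                             ("old", SAMPLE_GETPROP_OLD, "1\n")):
        result = assess(props, adb)
        print(f"{name}: risk={result.risk}")
        for f in result.findings:
            print(f"  [{f.severity}] {f.message}")
```

On a real device, feed it the two adb commands' output; a "high" result means disabling USB debugging is the first fix, and a "medium" result means the device still depends on the prompt alone.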
The ChoiceJacking findings also highlight that reducing risk in public charging environments is not solely about patching software but about re-evaluating how trust is established and maintained between a host device and connected peripherals. The research underscores that even robust prompts can be subverted when the attacker can manipulate input channels or leverage protocol-level weaknesses. As a result, ongoing collaboration among hardware designers, OS vendors, and security researchers remains essential to reduce exposure and to deploy mitigations that are both secure and user-friendly.
Conclusion
ChoiceJacking marks a significant moment in the ongoing effort to secure mobile devices against charging-time threats. It reveals that juice-jacking mitigations—though valuable—have critical blind spots rooted in the USB trust model and the way modern devices handle input and data connections. The three core techniques demonstrate that a malicious charger can autonomously spoof user input to approve data transfers and establish data channels, effectively bypassing traditional safeguards. Two Android-specific methods further illustrate how protocol misuse and driver-level timing issues can widen the threat landscape.
Apple’s and Google’s responses with stronger authentication requirements on iOS and Android devices show that these mitigations can be effective in reducing risk for updated devices. However, the reality of device fragmentation means that many Android devices still remain vulnerable, particularly those that have not adopted Android 15 or that do not enforce the new authentication workflow. The lingering threat is particularly acute for devices with USB debugging enabled, which can grant attackers elevated access through the Android Debug Bridge.
While there are no documented in-the-wild cases to date, the study’s results compel users and manufacturers to reassess public charging practices and to pursue more robust, user-friendly protections. With the threat evolving alongside the USB ecosystem, continued vigilance, comprehensive device updates, and standardized implementations across manufacturers will be essential to reduce risk and preserve user safety in an increasingly connected world. Users should implement pragmatic safeguards today, and device makers should prioritize consistent, cross-platform defense strategies to shield the broad and diverse user base from ChoiceJacking and related USB-based risks.