Juice jacking has resurfaced with new sophistication. After years of built-in defenses intended to keep phones safe from tainted charging equipment, researchers have uncovered a fundamental flaw that makes those protections bypassable. The new ChoiceJacking attack demonstrates how malicious chargers can slip past iOS and Android safeguards to access personal data and, in some cases, trigger actions that grant ongoing access. The implications extend beyond a single device or platform, highlighting a systemic weakness in how mobile USB trust models are implemented and enforced. The findings come as manufacturers race to balance security with user convenience, a tension that ChoiceJacking exposes in stark terms. For everyday users, the messages are clear: public charging stations remain a potential risk vector, and device owners should reassess the trade-offs between convenience and privacy in shared charging environments. The breakthrough emphasizes that even well-established, longstanding mitigations can be undermined if the underlying trust assumptions are not robust across all devices and configurations.
The legacy of juice jacking and the USB trust model
Juice jacking traces its public history back to a 2011 KrebsOnSecurity article that described a demonstration at a Defcon security conference. In that scenario, attackers embedded hidden hardware in chargers or kiosks and used them to access files or run code on phones connected to those chargers. The attack relied on the basic premise that the victim expects the charging device to merely supply electricity, while the compromised charger covertly interacts with the phone’s internals. The risk was concrete: at busy transit hubs, airports, or shopping centers, people routinely plug in to recharge, often without suspecting that the equipment could be compromised. The concept of juice jacking hinges on the idea that a charger can act like a covert USB intermediary, bridging a phone’s data interface with a malicious host.
In response, Apple and Google began to harden their mobile operating systems starting around 2012. The central idea was to require explicit user consent before a computer—or a charger masquerading as a computer—could mount access to the device’s files or execute code. The operational logic behind these mitigations depended on a critical technical assumption embedded in the USB protocol: there is a dichotomy between a host device and a peripheral device, and at any given moment one side can take control while the other is passive. Under this model, when a phone is connected via USB, it could either host a peripheral device (such as a keyboard or storage device) or be fed by a host (like a computer). The protections framed the user as the final arbiter of whether data access or code execution should commence.
This model, while intuitively sound, rests on expectations about how input and control signals propagate between devices. The strictest interpretation assumes that a connected USB host cannot trick the phone into silently enabling a data path or approving data transfers without explicit user input. That assumption informed the design of consent dialogs and the sequencing of prompts that must be acknowledged before a data connection or file access is established. The broad aim was to ensure that, even if a charger was malicious, the user would see a clear prompt and would need to actively approve any data-sharing action. Over the years, these protections hardened the attack surface and reduced the odds of a successful juice-jacking incident, especially on devices that had received timely updates and developers that embraced the new authentication steps.
Yet, despite the intent of these mitigations, researchers have shown that the underlying USB trust model contains exploitable gaps. The core issue lies in the interaction between how USB devices negotiate roles and how operating systems interpret and enforce the resulting prompts. The fundamental constraint—who acts as host, who acts as peripheral, and under what conditions—shaped both the defenses and the perceived risk. The reality, as uncovered by the latest research, is that the protections were built on a simplification of a much more complex and nuanced protocol negotiation. The practical effect is that, in real-world configurations and across a broad range of devices, attackers can craft scenarios in which user input is spoofed or bypassed without the user’s clear intention. The result is a category of attack that blends hardware manipulation with software-level trust exploitation, a combination that makes traditional juice-jacking mitigations less effective than previously believed.
In this milieu, ChoiceJacking emerges as a platform-agnostic framework for bypassing the established prompts and safeguards. Researchers stress that the problem is not a single fragile line of code or a single vendor’s oversight; rather, it is a systemic vulnerability rooted in how modern mobile devices implement and enforce USB trust. The work describes how an attacker can manipulate the USB data path, hardware interfaces, and OS-level event handling to create a situation where a charger can autonomously interact with the phone in ways that simulate, or outright override, user consent. The significance is that even with updated prompts and updated OS code, the attacker can exploit core assumptions about input event handling and role swapping to forge a legitimate-seeming approval, thereby enabling data exfiltration or unauthorized access to internal resources.
A key takeaway from the foundational discussions is that the USB protocol is designed around a host-peripheral relationship, but modern devices implement a more dynamic and sometimes ambiguous interpretation of this relationship. The host-peripheral distinction matters not only for data transfer, but also for who has control over the device’s permission prompts and how those prompts are presented and consumed. The sophistication of ChoiceJacking rests on a careful orchestration of input injection, role negotiation, and prompt navigation designed to appear as if the user authorized the action. The discovery demonstrates that even with explicit user prompts, certain sequences of hardware and software interactions can shift control in subtle, yet impactful, ways. The outcome is that the promise of “tap to approve” security can be undermined if input and role management are not robustly synchronized across all layers of the device stack.
In the broader landscape, ChoiceJacking indicators suggest that the trend toward stronger, user-verified authentication still faces real-world barriers. Consumers must understand that updates—while essential—do not automatically guarantee complete immunity against all plausible attack vectors, particularly when those vectors exploit the fundamental assumptions about how devices negotiate trust during USB connections. The evolving narrative underscores the need for more resilient, cross-vendor strategies that address not only the software prompt but also the hardware and protocol layers that shape the initial handshake between charger and phone. The outcome is a layered security problem requiring a multi-pronged approach: firmware hardening, OS-level prompts reinforced by robust, hardware-backed checks, and user education that does not rely on a single line of defense.
What ChoiceJacking claims reveal about attack principles
ChoiceJacking is not a single exploit but a family of attack techniques designed to defeat the established protections against juice jacking. The core claim from researchers is that the mitigations presume an attacker cannot inject input events while a data channel is being established. In practice, that assumption does not hold across real devices and configurations. The researchers describe a platform-agnostic attack principle that underpins three concrete attack techniques for both Android and iOS. All three enable a malicious charger to autonomously spoof user input in a way that triggers its own data connection, while simultaneously exfiltrating data from the phone. The evaluation used a custom, inexpensive malicious charger design to demonstrate how the current state of USB security could be compromised on a wide range of devices from multiple vendors with varying USB stack implementations.
The Usenix Security Symposium presentation in Seattle provided a framework for understanding how the attacks function in a real-world context. The teams behind ChoiceJacking detail that, despite vendor-specific customizations, the attacks could gain access to sensitive user files—ranging from pictures and documents to app data—on devices from multiple vendors that together dominate a large share of the market. The breadth of the findings signals a systemic risk: even platforms that have adopted stronger prompts and integrated authentication checks can still be vulnerable unless the interplay of hardware and software security is fully harmonized.
One of the most striking aspects highlighted by the researchers is the reliance on trust models that may assume attackers cannot disrupt the prompt timing or the input event stream. By injecting inputs or by leveraging alternate channels of communication, attackers can prompt the device to admit access just as a legitimate user would. This undermines not only the perceived safety of the prompt itself but also the broader narrative that a simple tap or password is sufficient to grant permission. The result is that ChoiceJacking exposes gaps in how devices interpret role shifts and input events during the critical window when a data connection is requested.
Three distinct attack techniques are central to the ChoiceJacking framework:
- Technique 1: The charger acts as a USB keyboard or similar peripheral, injecting key presses that navigate system settings and prompts. It then uses a secondary, hidden input channel to confirm data access, leveraging a flow that begins with a USB host swap, allowing the charger to bring Bluetooth or other interfaces into play and later regain host status to initiate file transfers.
- Technique 2: The Android Open Accessory Protocol (AOAP) pathway, which lets a USB host, when in accessory-like mode, behave as an input device. In theory, AOAP should restrict some USB interfaces, such as the Picture Transfer Protocol (PTP) or Media Transfer Protocol (MTP). However, across tested Android devices, AOAP messages were accepted even when the host had not properly entered accessory mode, effectively bypassing the intended boundary between input and data paths.
- Technique 3: A race condition in Android’s input dispatcher. By flooding the dispatcher with a crafted sequence of input events, a malicious charger can delay the processing of legitimate events from other processes. If the charger then switches from being a peripheral to a host while the device is still busy processing, it can secure user approval for the data connection, enabling the data channel to be established and maintained under what appears to be the user’s consent.
The researchers emphasize that these techniques collectively allow the charger to gain two functional channels: an input channel capable of spoofing consent and a data-access channel that can exfiltrate files. The success of these attacks across a broad device landscape demonstrates that the protections introduced to thwart juice jacking were not comprehensive enough to withstand the full gamut of practical exploitation, particularly when hardware-based input and protocol negotiation can be manipulated in tandem with OS-level prompts.
The illustrative sequence of a ChoiceJacking attack, as described by the researchers, helps visualize the operational flow:
- The victim device connects to the malicious charger, with the screen already unlocked.
- The charger performs a USB PD Data Role swap, shifting the device’s role to that of a USB host, while the charger becomes a USB input device.
- The charger programs the system to enable Bluetooth input by sending specific signals.
- The charger navigates the phone’s settings to the Bluetooth pairing screen and makes the device discoverable.
- The charger begins advertising as a Bluetooth input device.
- The charger scans for new discoverable Bluetooth devices to identify the victim’s device and initiates pairing.
- Through the USB input device, the charger accepts the Yes/No pairing prompt on the phone, establishing a Bluetooth connection.
- The charger performs another USB PD Data Role swap, restoring the device-to-charger host dynamic in which the charger is the USB host and the phone is the USB device.
- As the USB host, the charger initiates a data connection.
- The charger uses the Bluetooth input device to confirm the data connection on the phone.
This sequence enables the charger to maintain both the input spoofing path and the data transfer channel, granting it ongoing access to the device’s data as long as the charger remains connected. The practical implications are nuanced: the technique proved effective on all but one tested model—an Android device running Vivo’s Funtouch OS, which did not sufficiently support the USB PD protocol to complete the full chain. For the remaining models, the time to establish Bluetooth pairing was typically between 25 and 30 seconds, varying by device. Once connected, the attacker had read and write access to files stored on the device for as long as the charger remained connected.
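The ten steps above occur in a recognizable order on the phone, which a defender can correlate. The following Python code is an added example, not code from the researchers or from any vendor: it flags that order in a constructed event timeline. The event names, their fields, the peer identifier and the 120-second window are all assumptions of this example and do not correspond to a real Android or iOS log format.

```python
from dataclasses import dataclass, field

# Assumed upper bound for one chain; the article reports 25-30 s for pairing alone.
WINDOW_S = 120


@dataclass
class CableSession:
    """What has happened since the current USB cable was plugged in."""
    start: float
    phone_role: str = "device"   # phone's USB data role: "device" or "host"
    role_swaps: int = 0
    usb_hid_seen: bool = False   # a USB input device appeared while the phone was host
    bt_peers: set = field(default_factory=set)  # BT input devices paired via USB input


def detect_choicejacking(events):
    """Scan time-ordered events; return a list of (time, severity, reason)."""
    findings, sess = [], None
    for ev in events:
        t, kind = ev["t"], ev["type"]
        if kind == "usb_attach":
            sess = CableSession(start=t)
        elif kind == "usb_detach":
            sess = None
        elif sess is None or t - sess.start > WINDOW_S:
            continue  # no cable session to correlate against
        elif kind == "usb_data_role":
            if ev["role"] != sess.phone_role:
                sess.role_swaps += 1
                sess.phone_role = ev["role"]
        elif kind == "usb_hid_attached":
            if sess.phone_role == "host":
                sess.usb_hid_seen = True
        elif kind == "bt_pair_accepted":
            # Pairing prompt answered by the USB input device on this same cable.
            if (ev["profile"] == "hid" and ev["input_source"] == "usb_hid"
                    and sess.usb_hid_seen):
                sess.bt_peers.add(ev["peer"])
                findings.append(
                    (t, "medium", "Bluetooth input device paired by USB keystrokes"))
        elif kind == "usb_data_prompt_confirmed":
            # Data prompt answered by the Bluetooth device this cable introduced,
            # after the phone was swapped to host and back to device.
            if (ev["input_source"] == "bt_hid" and ev.get("peer") in sess.bt_peers
                    and sess.phone_role == "device" and sess.role_swaps >= 2):
                findings.append(
                    (t, "high", "USB data prompt confirmed by device paired over this cable"))
    return findings


# Constructed timelines (times in seconds); none of this is captured telemetry.
ATTACK_TIMELINE = [
    {"t": 0, "type": "usb_attach"},
    {"t": 1, "type": "usb_data_role", "role": "host"},
    {"t": 2, "type": "usb_hid_attached"},
    {"t": 8, "type": "bt_discoverable"},
    {"t": 27, "type": "bt_pair_accepted", "profile": "hid",
     "input_source": "usb_hid", "peer": "constructed-peer-1"},
    {"t": 29, "type": "usb_data_role", "role": "device"},
    {"t": 30, "type": "usb_data_prompt_shown"},
    {"t": 31, "type": "usb_data_prompt_confirmed",
     "input_source": "bt_hid", "peer": "constructed-peer-1"},
]

# The user plugs into their own laptop and taps the prompt on the touchscreen.
BENIGN_LAPTOP = [
    {"t": 0, "type": "usb_attach"},
    {"t": 2, "type": "usb_data_prompt_shown"},
    {"t": 4, "type": "usb_data_prompt_confirmed", "input_source": "touchscreen"},
]

# The user's own Bluetooth keyboard was paired earlier, with no cable attached,
# and is later used to confirm a prompt.
BENIGN_OWN_KEYBOARD = [
    {"t": 0, "type": "bt_pair_accepted", "profile": "hid",
     "input_source": "touchscreen", "peer": "own-keyboard"},
    {"t": 600, "type": "usb_attach"},
    {"t": 605, "type": "usb_data_prompt_confirmed",
     "input_source": "bt_hid", "peer": "own-keyboard"},
]

if __name__ == "__main__":
    for finding in detect_choicejacking(ATTACK_TIMELINE):
        print(finding)
```

The rule keys on provenance rather than on any single event: a Bluetooth input device is only suspicious here because it was paired by keystrokes arriving over the same cable that later requests data access.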
Beyond the primary three techniques, the ChoiceJacking family also includes two additional variants that target Android devices specifically by circumventing the protections on the Android side:
- The AOAP-centric variant leverages a host acting as an input device during accessory mode to subvert the intended restrictions on USB interfaces. This approach capitalizes on a mismatch between the protocol’s intended behavior and actual device implementations, allowing the input device to confirm prompts and enable data transfers despite the surrounding safeguards.
- The race-condition variant capitalizes on the Android input dispatcher’s queueing behavior. By rapidly sending a crafted sequence of input events, a charger can overload the queue and force a situation where the device accepts the attacker’s input as if it came from the user, even after the host role changes or after the OS has begun processing other tasks. The result is a credible impersonation of user consent, enabling data access.
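The following added example, which is not Android's dispatcher code, shows why a backlog of queued input can defeat a consent prompt and what a prompt-side check can look like. It uses a simplified queue model in which every event records when it was enqueued. The event fields, the timings and the hardened policy are assumptions of this example, not the fix any vendor shipped.

```python
from dataclasses import dataclass

DISPATCH_COST_MS = 2.0  # constructed: time the dispatcher spends delivering one event


@dataclass(frozen=True)
class InputEvent:
    key: str            # "CONFIRM" stands for whatever input approves the prompt
    source: str         # hypothetical device id, e.g. "usb_hid_1" or "touchscreen"
    enqueued_at: float  # ms, when the event entered the queue


def dispatch(events, prompt_shown_at, detached_at, policy):
    """Deliver events in queue order; return the event that approved the prompt, or None."""
    clock = 0.0
    for ev in events:
        # A backlog means delivery happens long after the event was generated.
        clock = max(clock, ev.enqueued_at) + DISPATCH_COST_MS
        if clock < prompt_shown_at or ev.key != "CONFIRM":
            continue  # prompt not visible yet, or not an approving input
        if policy(ev, prompt_shown_at, clock, detached_at):
            return ev
    return None


def naive_policy(ev, shown_at, delivered_at, detached_at):
    """Anything delivered while the prompt is visible counts as consent."""
    return True


def hardened_policy(ev, shown_at, delivered_at, detached_at):
    """Count an event as consent only if it can be a response to this prompt."""
    if ev.enqueued_at < shown_at:
        return False  # generated before the prompt existed
    gone = detached_at.get(ev.source)
    if gone is not None and gone <= delivered_at:
        return False  # source device is no longer attached
    return True


# Constructed scenario: 500 events queued in the first 50 ms by a USB input device,
# which detaches at 100 ms (role swap); the data prompt appears at 300 ms.
FLOOD = [InputEvent("CONFIRM", "usb_hid_1", i * 0.1) for i in range(500)]
USER_TAP = InputEvent("CONFIRM", "touchscreen", 2000.0)
DETACHED_AT = {"usb_hid_1": 100.0}
PROMPT_SHOWN_AT = 300.0

if __name__ == "__main__":
    print("naive:   ", dispatch(FLOOD, PROMPT_SHOWN_AT, DETACHED_AT, naive_policy))
    print("hardened:", dispatch(FLOOD, PROMPT_SHOWN_AT, DETACHED_AT, hardened_policy))
    print("user tap:", dispatch(FLOOD + [USER_TAP], PROMPT_SHOWN_AT, DETACHED_AT,
                                hardened_policy))
```

Under the naive policy the prompt is approved by an event generated well before the prompt existed; the hardened policy rejects the whole backlog and still accepts the later touchscreen input.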
The practical scope of these techniques, as tested by the researchers, underscores a broad vulnerability across a wide swath of devices. The matrix of susceptibility showed that many devices were affected by more than one of the attack techniques, indicating overlapping weaknesses in the interplay of USB stacks, OS input handling, and the trusted-user model. This is not simply a problem of a single device family or a particular vendor’s device; it is a pattern of behavior observable across multiple vendors, with varying degrees of risk depending on how promptly and thoroughly each vendor implemented the newer mitigations.
What the findings mean for vendors, devices, and users
The study’s findings have immediate implications for device manufacturers and platform developers. Apple updated iOS/iPadOS in version 18.4 to require user authentication, such as a PIN or password, before data access is granted. This update strengthens the prompt by adding an explicit authentication step before the data path can be established. Google took a similar approach on the Android side, updating its confirmation prompt in Android 15 (released in November). The researchers report that these changes work as intended on devices that are fully updated with the new OS versions. However, the real-world risk remains tempered by fragmentation in the Android ecosystem. Many Android devices from various manufacturers have not adopted the new authentication requirements or have not fully integrated the updated USB handling in their custom skins. In particular, some Samsung devices running One UI 7 do not implement the new authentication requirement, leaving these models exposed to ChoiceJacking despite the underlying OS having the update.
The landscape thus presents a bifurcated reality: on the one hand, the core platforms have responded with stronger prompts and a more rigorous consent model; on the other hand, a broad swath of devices continues to rely on older stack configurations or manufacturer-specific modifications that degrade or bypass the intended protection. This fragmentation means that while high-end, well-maintained devices may be relatively immune when fully updated, the broader Android market remains potentially vulnerable to ChoiceJacking attacks. The researchers note that despite communicating findings to manufacturers well over a year prior, the adoption rate and the depth of remediation have lagged, likely because the changes to USB trust models are not trivial. The authors emphasize that the problem is not merely a programming error; it is a systemic design issue in how USB trust is conceptualized and enforced across mobile operating systems. They point to the broader impact: adjusting USB-based file access to require unlocks or more robust verifications improves security but imposes tangible costs to user convenience, potentially slowing down workflows in legitimate scenarios where users want rapid data movement.
The vulnerabilities identified are tracked by several CVE references, reflecting recognized security advisories tied to Apple, Google, Samsung, and other affected manufacturers. Apple’s related disclosures are associated with CVE entries that connect to iOS updates addressing the prompted authentication flow. Google’s disclosures align with CVEs tied to Android’s updated authentication protocol and the broader improved handling of USB access credentials. Samsung and other vendors have corresponding advisories that reflect the challenges of implementing uniform controls across customized Android forks. While these CVEs provide a formal way to track and remediate issues, their practical implications hinge on timely OS updates and vendor-specific rollouts. The researchers emphasize that even with patches, the risk remains if devices operate with outdated software or if the device’s OEM skin does not implement the new prompt authentications.
The broader security conversation around ChoiceJacking also includes the role of “USB debugging”—a feature many developers enable to troubleshoot apps, root devices, or transfer data. With USB debugging turned on, attackers can gain shell access via the Android Debug Bridge, enabling more invasive capabilities such as installing applications, accessing the file system, and executing arbitrary binaries. In essence, this mode represents an elevated risk state because it grants a much deeper level of access than PTP or MTP-based transfers. The recommendation is clear: keep USB debugging disabled unless you are actively debugging or testing, and ensure it is turned off in normal use. The attackers’ success depends on the device’s state and settings, and leaving USB debugging enabled creates a large, easily exploitable attack surface.
From a public-safety communication perspective, the research intersects with ongoing advisories from federal authorities about public charging stations. The researchers acknowledge that, historically, such warnings have been framed as cautionary rather than alarming, noting that there have long been concerns about public charging infrastructure. Their work does not report real-world, observed incidents of ChoiceJacking, but it does demonstrate that the theoretical risk is real and technically feasible under certain conditions. The team also cautions that “data blockers” or data-noise disablers—features or connectors that prevent data transfer while allowing power—can help mitigate the risk. However, these measures may inadvertently interfere with legitimate power negotiation processes, potentially slowing charging speeds or causing compatibility issues with some devices. The pragmatic takeaway is that public charging remains a risk vector, and users should weigh the benefits of convenient public charging against the potential for data compromise.
The evolving conversation also touches on usability and user experience. As the research team explained, the most significant obstacle to widespread adoption of stronger USB trust models is the balance between security and convenience. If the authentication requirement becomes onerous for everyday users, manufacturers may deprioritize or under-implement these protections, leaving devices more vulnerable to ChoiceJacking. This tension between user convenience and security is a recurring theme in the design of mobile platforms, and ChoiceJacking highlights how critical it is to design security controls that are both robust and seamless. The team’s commentary suggests that a combination of hardware-level protections, more resilient OS prompts, and improved guidance for users could yield better long-term security without sacrificing ease of use.
For consumers, the practical advice remains straightforward, albeit nuanced. If you frequently rely on public charging stations or use devices with older software, consider alternative charging practices such as using power-only cables or data-blocking adapters that prevent data transfer during charging sessions. Ensure devices run up-to-date software with the latest security patches and authentication requirements. If possible, disable USB debugging and confirm that your OS prompts require a clear authentication step beyond a simple tap. When using Android devices, be mindful of vendor-specific behaviors that may not implement the newest authentication flow, and check for updates or patches from device manufacturers. For iPhone and iPad users, applying iOS updates that include strengthened authentication prompts is important, as is avoiding public charging stations that appear compromised or untrusted. While no single mitigation will eliminate all risk, adopting these practices can reduce the likelihood of exposure in shared charging environments.
In summarizing the risk calculus, ChoiceJacking is a reminder that security is not a static state but an ongoing process of hardening across hardware, firmware, and software layers. It shows that attackers can exploit trust misalignments at several levels, from how USB devices negotiate roles to how OS-level prompts and input handling respond to a rapidly changing hardware scenario. The practical takeaway for users is to minimize reliance on public charging when possible, to employ data-blocking solutions when public charging is unavoidable, and to keep devices updated with the latest security protections and authentication requirements. For vendors and platform developers, the lesson is to pursue deeper, cross-layer alignment of USB trust models and to ensure that user-consent prompts cannot be bypassed by clever manipulation of input channels or role negotiation. The research ultimately reinforces the need for ongoing vigilance and a commitment to strengthening devices against a broad spectrum of attack vectors that exploit fundamental protocol and trust assumptions.
Device exposure and the boundary between convenience and protection
The ChoiceJacking work underscores a critical tension in contemporary mobile security: the friction between ease of use and the rigorous enforcement of consent in data access. On the one hand, OS developers aim to streamline the user experience by reducing friction when establishing connections and transferring files. On the other hand, attackers exploit these very same flows by subverting the underlying trust model that governs how and when data can be accessed. The result is a tension that can only be resolved through a combination of architecture changes, firmware hardening, and a more robust approach to user prompts. The researchers argue that, while the new authentication requirements are a meaningful improvement, they must be complemented by a broader and deeper alignment across USB stacks, device hardware, and software layers across all vendors to deliver holistic protection.
The study’s findings also emphasize the challenge of device fragmentation in the Android ecosystem. Android’s decentralized nature means a patch that rolls out in one vendor’s UI or one device family may not automatically propagate to others. This reality complicates the deployment of uniform, consistent protections across all devices and the many OS skins used by major manufacturers. The Vivo Funtouch OS exception illustrates a specific instance where the hardware-protocol implementation diverges sufficiently to skirt certain protections, leaving those devices more susceptible than others. This is the kind of edge-case that demonstrates why a one-size-fits-all solution is insufficient; instead, a cross-vendor, cross-platform strategy is necessary to close the gaps that ChoiceJacking exploits.
In practical consumer terms, the awareness of ChoiceJacking translates into standard operating procedures for public charging usage. The advice remains straightforward: limit the use of public charging stations when possible, rely on power-only adapters to prevent data access, and verify that your devices are running current software with the latest security updates. For users who absolutely must use public charging, data blockers and dedicated charging cables can offer a layer of protection, though with caveats about charging efficiency and compatibility. The tension here is that enhanced protections can incur costs in terms of user experience and charging performance, a trade-off that manufacturers must navigate. The researchers’ analysis clearly indicates that the cost of securing these interactions is not trivial, particularly in a complex ecosystem where devices differ in hardware capabilities, firmware versions, and OS customizations.
The broader industry takeaway is the need for standardization and stronger enforcement at multiple levels. The USB trust model is a foundational element of how devices interact in the real world, and ChoiceJacking shows that a single change at the OS prompt level is not enough if hardware behavior and protocol negotiations can still be manipulated. A robust defense demands a layered approach: secure bootstrapping of devices, hardware-backed authentication where feasible, consistent enforcement of prompts across device types, and rapid, coordinated updates from vendors to ensure devices reflect evolving protections. The end-user is best served by a security ecosystem that aggressively closes the gaps in the trust pipeline rather than relying on a single safeguard.
Furthermore, this security story reinforces the importance of clear, accessible user education. Even when devices are protected by updated OS prompts, users should understand the risks associated with public charging and the reasoning behind new authentication steps. Equally important is providing guidance that helps users recognize when a prompt is legitimate and when it may be part of an attack flow, including cues in the prompt’s design and behavior that differentiate a genuine request from a spoof. As security controls evolve, so too must user education, ensuring that people can make informed decisions in real-time, even in high-stakes or time-sensitive situations.
From a policy perspective, these findings may influence how public charging infrastructure is designed, deployed, and managed in sensitive environments. Organizations that operate airports, transit hubs, or large public venues might consider implementing data-blocking kiosks, charging-only stations, or devices that physically prevent data transfers while allowing power to flow. In essence, the ChoiceJacking framework strengthens the business case for infrastructure-level mitigations where feasible, complementing device-level safeguards and reducing overall risk exposure in public settings. While no single policy can eradicate risk, a layered approach that combines hardware controls, OS updates, and public infrastructure design can collectively improve the security posture against evolving USB-based attack methods.
Timeline, impact, and practical guidance for users and developers
The ChoiceJacking research sets out a clear timeline of the vulnerability’s discovery, the subsequent vendor responses, and the practical implications for users. The researchers’ work was scheduled for presentation at a major security conference, following months of rigorous evaluation using real hardware and a set of widely used devices. The timeline underscores how quickly security insights translate into meaningful protections, and how long it can take for the broader device ecosystem to catch up and implement comprehensive fixes. Apple’s and Google’s responses—adding authentication steps to the prompt and refining the flow in updated OS releases—represent a positive trajectory toward more robust protections. Yet, the observed fragmentation across Android devices highlights the ongoing challenge of ensuring uniform security across a diverse, global device market.
In terms of practical guidance for users, the recommendations remain pragmatic and actionable:
- Prefer power-only charging solutions in public spaces to prevent any data transfer while charging.
- Use data-blocking cables or adapters when public charging is unavoidable.
- Keep devices updated with the latest operating system versions and security patches that include strengthened USB access controls.
- Disable USB debugging in normal operating environments to minimize the risk of elevated access.
- Be mindful of prompts and only grant permissions when you are confident in the source and intent of the request.
- If possible, avoid using public charging stations that have any signs of tampering or suspicion, and prefer trusted charging solutions or official outlets.
For developers and device manufacturers, the path forward involves deeper, system-wide hardening:
- Ensure that OS prompts require robust user authentication beyond a simple confirmation tap.
- Harden USB stack implementations to resist inputs that are spoofed or injected by adversaries.
- Align hardware and firmware across vendors to prevent compatibility gaps that attackers can exploit.
- Accelerate the rollout of security patches for devices with older or customized Android forks, especially those not aligned with the latest platform standards.
- Invest in user education resources that explain USB-based threats clearly and practically, enabling users to make safer decisions in real-world scenarios.
The research also invites continued scrutiny and a forward-looking security mindset. While the immediate risk is mitigated by up-to-date devices and improved prompts, the possibility of new attack variants always exists as attackers refine their techniques. The best defense combines patching, hardware design that enforces strict trust boundaries, and user practices that minimize exposure in everyday use. The combination of these elements will determine how effectively the industry can reduce the risk of ChoiceJacking and related USB-based threats in the future.
A cautious verdict on public charging and device security
The emergence of ChoiceJacking reinforces a long-standing security truth: technology designed to simplify life must be continuously evaluated for potential exploits that could undermine user trust. The fact that juice jacking protections proved vulnerable under real-world conditions highlights how complex device security has become when hardware, firmware, and software all interact in dynamic ways. The practical upshot is that users should exercise reasonable caution in public charging environments, while manufacturers and platforms must implement robust, cross-layer protections that resist sophisticated input-based attacks.
Public conversations about charging safety benefit from precise, evidence-based reporting that distinguishes between hype and credible risk. As researchers have noted, there have not been documented, widespread real-world incidents of ChoiceJacking to date; nonetheless, the demonstrated feasibility of the attacks means the risk is not merely theoretical. The ongoing debate about the seriousness of juice jacking should incorporate the nuanced understanding that modern, multi-variant threats require a comprehensive defense strategy rather than a single patch or a policy tweak. This is especially true in a landscape where user behavior, device diversity, and hardware vendors vary widely.
In summary, while Apple and Google have made meaningful progress in strengthening the consent flow for USB access, ChoiceJacking demonstrates that more work is required to secure the entire USB trust pipeline across devices and ecosystems. The path to robust protection lies in cross-vendor collaboration, hardware-aware security design, clear user education, and continuous security updates that reflect evolving threat models. Users can reduce risk by practicing prudent charging habits and staying current on device updates, while developers and manufacturers can implement deeper, more holistic protections that preserve convenience without compromising security.
Conclusion
ChoiceJacking reveals that the security barrier against juice jacking was never entirely about a single dialog or a single patch. It is a broader, systemic issue rooted in USB trust models, input handling, and cross-device interoperability. The attacks demonstrate how a malicious charger can leverage hardware and software interactions to spoof user consent and gain data access, sometimes across multiple channels of operation. Apple and Google have begun addressing these gaps with updated prompts and authentication requirements, but the reality of device fragmentation means that many Android devices in the market remain vulnerable to certain techniques. The implications for users are clear: public charging remains a potential risk that requires practical mitigation, including the use of power-only cables and data blockers where appropriate, as well as keeping devices up to date with the latest security patches and authentication features. For the industry, ChoiceJacking underscores the need for deeper collaboration to reimagine the USB trust model in a way that is both secure and user-friendly, ensuring that protections behave consistently across devices and vendor customizations. In the end, the defense against USB-based threats will hinge on a layered approach that unites hardware protections, firmware hardening, operating system safeguards, and informed user behavior to create a more resilient digital ecosystem.