{
	"id": "d5308663-1042-45e8-8cdb-b8ded31b8b50",
	"created_at": "2026-04-06T01:28:56.752185Z",
	"updated_at": "2026-04-10T13:12:31.863751Z",
	"deleted_at": null,
	"sha1_hash": "9ad8c54e2f2a7c9cdbf5940453f5d0070738a733",
	"title": "STA-6 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50244,
	"plain_text": "STA-6 · Mobile Threat Catalogue\r\nArchived: 2026-04-06 00:16:44 UTC\r\nMobile Threat Catalogue\r\nMalicious Apps Installed via USB\r\nContribute\r\nThreat Category: Mobile Operating System\r\nID: STA-6\r\nThreat Description: When connected through USB, potentially malicious applications can be installed on the\r\nmobile device, sometimes without the user’s knowledge. These applications can be installed intentionally by the\r\nuser, or by an infected computer or charging station.\r\nThreat Origin\r\nMobile Iron Q4 Mobile Security and Risk Review 1\r\nGovernment Mobile and Wireless Security Baseline 2\r\nExploit Examples\r\nInjecting Malware into iOS Devices via Malicious Chargers 3\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nTo reduce the probability of this attack, follow general best practices for securing systems to which a trusted\r\nmobile device may synchronize or access debugging functionality. For example, ensure the OS and applications\r\nmaintain current security updates, endpoint protection software is installed, and systems are monitored for\r\nanomalous behavior.\r\nConsider use of Android 4.2.2 or later devices. In Android 4.2.2, connections to ADB are authenticated with an\r\nRSA keypair. This prevents unauthorized use of ADB where the attacker has physical access to a device. 4\r\nConsider the use of Android 6.0 or later, in which users must confirm to allow USB access to files, storage, or\r\nother functionality on the phone. The default behavior permits charging only.\r\n5\r\nhttps://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-6.html\r\nPage 1 of 3\n\nConsider the use of iOS 7.x or later, in which synchronization with a computer over USB that requires the device\r\nbe unlocked and the user confirm an explicit trust request. Failure to establish trust permits charging only.\r\nProvide extra device chargers to users that plug directly into an electrical socket and encourage users to use them\r\ninstead of plugging into potentially malicious USB charging stations or USB ports on potentially infected\r\ncomputers.\r\nMobile Device User\r\nTo prevent some varities of this attack, ensure ADB debugging is disabled.\r\nTo reduce the probability of this attack, do not accept prompts to trust untrusted systems.\r\nConsider use of Android 4.2.2 or later devices. In Android 4.2.2, connections to ADB are authenticated with an\r\nRSA keypair. This prevents unauthorized use of ADB where the attacker has physical access to a device. 4\r\nConsider the use of Android 6.0 or later, in which users must confirm to allow USB access to files, storage, or\r\nother functionality on the phone. The default behavior permits charging only.\r\n5\r\nConsider the use of iOS 7.x or later, in which synchronization with a computer over USB that requires the device\r\nbe unlocked and the user confirm an explicit trust request. Failure to establish trust permits charging only.\r\nProvide extra device chargers to users that plug directly into an electrical socket and encourage users to use them\r\ninstead of plugging into potentially malicious USB charging stations or USB ports on potentially infected\r\ncomputers.\r\nReferences\r\n1. Q4 Mobile Security and Risk Review, white paper, MobileIron;\r\nhttps://www.mobileiron.com/sites/default/files/qsreports/files/security-report-Q415-v1.2-EN.pdf [accessed\r\n8/25/2016] ↩\r\n2. Government Mobile and Wireless Security Baseline, CIO Council, 23 May 2013;\r\nhttps://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/1151/downloads/2013/05/Federal-Mobile-Security-Baseline.pdf [accessed 8/1/2022] ↩\r\n3. B. Lau et. al. , Injecting Malware into iOS Devices via Maliscious Chargers, presented at BlackHat, 2013.\r\nhttps://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf [accessed 8/23/16] ↩\r\n4. “Security Enhancements in Android 4.3”;\r\nhttps://source.android.com/security/enhancements/enhancements43.html [accessed 8/29/2016] ↩ ↩2\r\n5. “Security Enhancements in Android 6.0”;\r\nhttps://source.android.com/security/enhancements/enhancements60.html [accessed 8/29/2016] ↩ ↩2\r\nhttps://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-6.html\r\nPage 2 of 3\n\nSource: https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-6.html\r\nhttps://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-6.html\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-6.html"
	],
	"report_names": [
		"STA-6.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775438936,
	"ts_updated_at": 1775826751,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9ad8c54e2f2a7c9cdbf5940453f5d0070738a733.pdf",
		"text": "https://archive.orkl.eu/9ad8c54e2f2a7c9cdbf5940453f5d0070738a733.txt",
		"img": "https://archive.orkl.eu/9ad8c54e2f2a7c9cdbf5940453f5d0070738a733.jpg"
	}
}