Professor and student team Angelos Stavrou and Zhaohui Wang from George Mason University have presented a finding at the Black Hat DC conference, which shows how an Android phone can be used to mount as a standard HID (human input device) when plugged into a Windows, OS X or Linux computer, potentially giving keyboard and mouse access to malware or even a remote hacker.
Even though the presentation of the process was completed using a modified Android kernel, the team say it could just as easily be modified to run on any iOS devices like the iPhone 4, to create the same effect.
“Say your computer at home is compromised and you compromise your Android phone by connecting them. Then, whenever you connect the smartphone to another laptop or computing device I can take over that computer also, and then compromise other computers off that Android. It’s a viral type of compromise using the USB cable” Angelos Stavrou
Once connected via a USB port the malware device installation happens automatically making it even harder for the user to see that something malicious is happening and antivirus software wouldn’t necessarily spot the malware process because to the Antivirus software the process would appear to be a normal keyboard or mouse activity.
Once the computer is affected by the malware it would then automatically contaminate any clean mobile device connected to it making the malware a viral problem.