Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

At the annual Black Hat security conference this summer, researchers demonstrated how it would be possible to add malware to an iPhone by connecting it to a modified charger. Now a mobile security startup is attempting to do the opposite, by selling a charger that can scan your smartphone for malware—and repair it, if necessary—while powering it up.

There are already plenty of mobile security apps on the market from companies like Lookout Mobile and TrustGo. Yet Kaprica Security believes that because its Skorpion charger is physically separate from your smartphone, it is better suited to spot the kind of malware that can sit silently on the device, stealing files or login information like your bank or credit card username and password, from which a hacker may be able to profit while remaining undetected.

Kaprica cofounder and CEO Doug Britton says the Skorpion charger analyzes your phone’s operating system files without relying on the phone’s operating system, memory, or processor to tell it the truth about whether or not it has been compromised. He says this means the device is not vulnerable to malware that may fool virus scanners by hiding out on the phone and intercepting legitimate scan results, telling the scanner that everything on the phone is okay, when the results would otherwise point out a security breach.

Though still a tiny problem compared to computer malware overall, mobile malware is on the rise, and the vast majority of it is popping up on Android smartphones. In its August report, McAfee Labs said it collected nearly as many mobile malware samples in the first half of this year—over 17,000 in the second quarter alone—as it did during the entirety of 2012. Most of these new malware specimens encountered were so-called “backdoor Trojans” that secretly steal a user’s information, as well as malware that captures bank login details.

Britton, who previously worked at defense contractor Lockheed Martin as a research and development manager specializing in security, says it’s hard to know how often these kinds of silent attacks are happening on smartphones, but that data suggests attack patterns used on PCs are being used on smartphones as well.

In hopes of thwarting this shift, Kaprica plans to start selling the Skorpion charger late this year or early next year to enterprise customers for around $65, with a monthly subscription fee of $3 or $4 for features like updates and alerts. The charger will be co-branded with consumer electronics and accessory maker Belkin, which is manufacturing the device.

The Skorpion charger can be made to work with any smartphone operating system, but Kaprica does need to work with smartphone makers to ensure the Skorpion charger can work with their handsets. Britton won’t get specific about what phones it will be compatible with early on, but says its technology is most developed for Android so far and that the Reston, Virginia-based company plans to launch with a handset maker that already makes both Android and Windows smartphones.

For the user, the charger is simple: plug it into the wall, and plug the phone into the charger. The charger then conducts a quick preliminary scan of the phone; if all is in order, it shows a green light.

If you leave the phone plugged into the charger, it will reboot at a time you’ve preconfigured—3 a.m., for instance—and start a more thorough process that sends the phone’s operating-system files to the charger for an analysis that takes about four minutes.

Britton says that since the analysis is done locally, the charger doesn’t need a Wi-Fi or data network connection. The phone’s wireless connection is used, however, for downloading updates to the Skorpion charger and for sharing scan results with, say, your company’s IT department.

If a problem is detected, the charger will alert you with a red light, and—depending on the user’s preferences—the charger can automatically repair the phone by using a previous “good” version of the operating system it has already stored.

Britton says that even if the charger itself is compromised, it cannot add new applications or code to the phone.  

Xuxian Jiang, an associate professor of computer science at North Carolina State University who researches mobile malware,  says the charger takes an interesting approach to mobile security but may be limited if it does not scan the phone while you’re using it, since actions like answering a call can transmit malware. He’s also concerned that the security updates the charger receives via the phone and its wireless network access could possibly be intercepted, thereby compromising its effectiveness, and suggests the Skorpion might be more effective if used with, say, a mobile security app.

When it comes to malware, “there’s no single bullet to all problems,” he says.

3 comments. Share your thoughts »

Credit: Photograph by Kaprica Security

Tagged: Computing, Web, smartphone, malware, hacker, cybersecurity, iOS, Android, Lookout

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me
×

A Place of Inspiration

Understand the technologies that are changing business and driving the new global economy.

September 23-25, 2014
Register »