Posted on 11/15/2019 4:48:04 PM PST by BenLurkin
Los Angeles District Attorney has warned travelers to avoid charging their smartphones and other devices using public USB power charging stations as they may contain dangerous malware.
USB was designed to transfer both power and data and security researchers as well as cybercriminals have learned how to use USB connections to deliver malicious payloads to users who thought they were merely charging their devices.
Over the past few years, several proofs of concepts were created with the most notorious being Mactans, which was unveiled at the Black Hat security conference back in 2013. While the device may look like an ordinary USB wall charger, it actually has the capability to deploy malware on iOS devices.
(Excerpt) Read more at techradar.com ...
Thanks for posting this.
That’s 100% BS! Someone can send data over whatever pins they want but if your device is not listening there it has no effect. File this 8nder “urban myth”‘
Sorry...as somebody that has written USB drivers and respective power management drivers I don’t buy this for a second. Transferring data via power/ground isn’t supported by the specification. The chipsets would need to support this undefined functionality and all the technical reference manuals I’ve read, detailing the USB register & power management behavior, have never come close to stating there’s some level of ability to do this.
Pure fantasy imo. That said, USB *can* be used as an attack vector. This has been demonstrated. Known vulnerabilities have been mitigated however - you’d need to have an old phone.
No, never a problem period.
I use phones with replaceable batteries and have a stack of external chargers recharging a larger stack of replacement batteries for the phones my wife and I use.
At hotels I have a thirteen amp charger which can simultaneously charge six devices for the gadgets I carry without replaceable batteries.
This isn’t a weakness I never contemplated or addressed.
Will order a couple.
Thank you for the tip.
No fair sticking your tongue to the charger. The charger could get damaged.
The receiving devices can be easily designed to allow for data over the charging lines. It’s different from, but just as simple as morse code for example.
The innocuous little wall-wart chargers can be easily chipped to allow for data handling and even remote access via RF.
The NSA doesn’t run a foundry to crank out 555 timer chips :-)
Once the chipped chargers and phones are out in the wild just imagine the data windfall you would have.
I consulted on an implanted medical device project many years ago. The devices internal super-caps were charged by using a small device that was held near the implant site which passed magnetic pulses to a small coil for charging.
We used the external charger to pass data in and out by manipulating pulse width and timing, the implanted device sent data out by pulsing current to the coil...worked great. Same sort of idea works to pass data on the USB charging lines.
I have worked on industrial control systems that pass data using just the power lines to the remote devices...it reduces the wiring complexity a lot...you can control a large number of remote device on a simple twisted pair carrying dc or ac.
Ah! It’s not a problem because you don’t use USB chargers.
Personally, I don’t either. But I don’t carry around much stuff to charge. Too complicated.
But it’s a problem for those that use USB chargers. I’ve warned some friends.
And then there is PLN...no escape possible
You missed the part where I said the device had to be designed to handle data over the charging lines....that’s easily done and not the sort of thing someone like Huawei would advertise on a billboard :-)
I also play with things like USB...and it is a certainty that some devices have been set up to pass data over the VCC and GND pins.
Passing data over power connections has a long history in industrial controls.
We are speaking here of bad actors who are operating outside the specifications for USB...they don’t play by the rules.
All that need be done is provide access to the VCC and GND pins and have a processor watch for the data carried as minor variations in voltage...this would NOT interfere in any way with normal USB functionality. It operates apart from that.
You can send high-speed data over the ac wiring in your home, slow data over the charge pins of USB is child’s play compared to that.
Back in the 70’s there was a project that modified commonly available modems so that they surreptitiously passed data about the devices they were connected to as variations in timing of the tones used to send data over the phone lines.
This simple technique has been used for at least half a century now.
There’s a jillion manufacturers offering these.
I was in a Dollar General today and saw a bin full of these for $5/ea.
Just this week on a new Prevost, 110 volt power outlets. They are no danger. That’s just pure electrical power. But I can see where in certain locales USBs could carry dangerous crap.
I’ve had less than satisfactory performance with others except for Aukey.
Just sayin’.
However, all of these independent batteries provide isolation from unknown data links when charging.
Good Point. There are adapters that isolate the connection to only power.
Likely a good thing to easily carry around.
Maybe those sockets are loose for a reason . . .
= = =
Maybe those ‘sockets’ have been used A LOT.
There’s a dirty joke in there somewhere!
fuzzylogic wrote:
“...Transferring data via power/ground isn’t supported by the specification. ...”
This EE agrees with you.
There’s no way to get data into a device solely via the power and ground lines.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.