Posted on 11/15/2019 4:48:04 PM PST by BenLurkin
Los Angeles District Attorney has warned travelers to avoid charging their smartphones and other devices using public USB power charging stations as they may contain dangerous malware.
USB was designed to transfer both power and data and security researchers as well as cybercriminals have learned how to use USB connections to deliver malicious payloads to users who thought they were merely charging their devices.
Over the past few years, several proofs of concepts were created with the most notorious being Mactans, which was unveiled at the Black Hat security conference back in 2013. While the device may look like an ordinary USB wall charger, it actually has the capability to deploy malware on iOS devices.
(Excerpt) Read more at techradar.com ...
Use the public USB charging station to charge a PowerCore pack (Best buy has them), then use that to charge the phone.
A virus can’t be downloaded to a power pack ..
Communication over dc power connections is old school simplicity itself.
Doing it via the USB power connections is simple.
Here are a few links re comms over dc....
Mod a smartphone at the factory and foundry, watch the USB VCC for data and do what you will with it...easy.
https://www.techbriefs.com/component/content/article/tb/techbriefs/semiconductors-and-ics/2487
http://www.farnell.com/datasheets/1521845.pdf
https://yamar.com/product/sig102/
Took me back to Altus Oklahoma in the Summer and me up in the attic wiring in an onyx phone we had brought back from Italy - sweat dripping off my fingertips as I was splicing wires and someone called...the ringer voltage is like grabbing a spark plug wire.
“Communication over dc power connections is old school simplicity itself.”
Yes it is, The Telegraph as the first example. The only difference was that the transmitters and receivers of the data were human to human. Just replace the humans with hardware and you have a data transfer. The telephone used a carrier signal to do the same thing but even better in duplex. Dial up PC modems did the same thing using the simple carrier signal voltage of the phone system. In the case talked about in the article think using FAX over phone lines.
But the receiving hardware has to be in place. And I will bet that this hardware is now an industry standard in all modern phones. It would be smaller than a grain of rice sitting and waiting for when needed.
The one thing that always had me curious is why they never took advantage of using duplex with dial up modems, they remained simplex taking turns sending and receiving packets when they could have had full duplex by sending on one frequency and receiving on another making it ten times as fast. Packet switching uses up a lot of time and resources.
Never plug a vital piece of equipment into a strange place where who knows how many others have.... well you know....
“I consulted on an implanted medical device project many years ago. The devices internal super-caps were charged by using a small device that was held near the implant site which passed magnetic pulses to a small coil for charging.
We used the external charger to pass data in and out by manipulating pulse width and timing, the implanted device sent data out by pulsing current to the coil...worked great.”
Pacemakers. And from what I understand they can even long term monitor and record heart data along with the capability of being “tuned up” externally by data transfer using the inductive charging feature you speak of. Air gap data transfer, things have changed a lot in the last ten to 15 years with technology. :)
Respectfully...I don’t play, I’m a professional that works at the device driver and specification level. I’ve also responsibilities in cyber security so I’m fully aware of people that aren’t “playing by the rules”.
“You can send high-speed data over the ac wiring in your home, slow data over the charge pins of USB is child’s play compared to that.”
Sorry, the USB specification is an extremely detailed digital protocol. It’s light years beyond what happens with household electrical wiring. You have OHCI, EHCI, XHCI, ..., USB controllers working at fixed frequencies, that require a device to go through an entire enumeration process to recognize the device at an address with “endpoint types”. These endpoint types are interrupt, bulk in/out, and isochronous. It’s hard enough to just get a device to work - let alone some nefarious unspec’d behavior.
What you’re suggesting is that the HW itself has been designed to handle a side-channel attack. BUILT IN. I can personally vouch for HW designs that do no such thing. It would be a huge amount of extra engineering to enable and nobody in the commercial world would even consider attempting to do it - especially as the engineering is, most likely, global - where engineers in multiple countries could expose what is being built.
I’m not saying there’s no security holes in the USB stack or respective device class drivers but that isn’t the same as compromising a device purely by using only the +5V/ground wires. It’s beyond a reasonable consideration.
Hence the old fashioned charging cord. Until the manufacturers all do away with it.
If they are regular AC 120v outlets, give the two prongs on your adapter a gentle and slight outward bend. That will help keep the thing plugged into the outlet.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.