Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1848 posts

Uber Geek


# 214122 28-Apr-2017 15:24
Send private message

I will ask this here although I am not sure if its the right forum.

 

I was recently reading Stop Chargeing in public ports

 

The gist of it is that public chrgeing ports are being hacked to mak it possible to steal data. True ? False?

 

If you do have to charge in a public port use a usb cable without the data cable or with it removed . This will stop the chance of stealing of data through the cahreging port. True ? False?





Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me


Create new topic
588 posts

Ultimate Geek
Inactive user


  # 1771971 28-Apr-2017 15:29
Send private message

     

  1. It is possible to compromise data on mobile device over USB? Yes
  2. Is it actually happening? Internationally - probably, Locally (NZ) - possibly.
  3. Will using a "charge-only" (without data pins) or switchable USB cable prevent this particular attack? Yes

5101 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1771973 28-Apr-2017 15:30
Send private message

I personally would not use one

Linux

 
 
 
 


193 posts

Master Geek
Inactive user


  # 1771974 28-Apr-2017 15:30
Send private message

For Android:

I can see it being true if there was some intelligence in the "port".

 

eg. If it presented itself as a MTP Initiator (like your computer does)

 

However, most modern Android phones have USB modes now eg. Charging or File Transfer (with Charging being default)

 

In Charging mode - MTP isn't activated.

 

The other way could be using ADB.

 

But, if you don't have debugging on the phone enabled - you should be pretty safe from that.

 

I would say be more cautious if using an old phone / older Android version.
These had things like default Mass Storage mode when plugged in etc and would be a lot more susceptible.

 

And if using public charging stations - make sure to keep your Android phone in "Charge mode".

 

Definitely the safest method is to only have the +5v and GND connected in the charging cable.

 

 

 

I would more worried about a (malicious) damage causing USB port than data stealing.
eg. high voltage output, or AC or pins connected to each other, or voltage up data pins etc.

 

(YouTube - "USB Killer" if you think your devices protect against this)


5525 posts

Uber Geek


  # 1771976 28-Apr-2017 15:34
3 people support this post
Send private message

I think later iOS versions detect when you plug into a previously unused device and ask if you want to trust it before it would allow any data connection. Can't remember if it will charge if you click don't trust.

 

https://support.apple.com/en-nz/HT202778


588 posts

Ultimate Geek
Inactive user


  # 1771977 28-Apr-2017 15:35
Send private message

I got a surprise the first time I plugged my Android phone into the USB port of a rental car to charge and my mobile screen appeared mirrored on the on-board display - was like WTF, I didn't authorize / enable any connection. Same goes when they start trying to download all your contacts over USB and/or Bluetooth however BT now usually prompts for access to contacts / SMS.


2541 posts

Uber Geek


  # 1771988 28-Apr-2017 15:49
Send private message

RunningMan:

I think later iOS versions detect when you plug into a previously unused device and ask if you want to trust it before it would allow any data connection. Can't remember if it will charge if you click don't trust.


https://support.apple.com/en-nz/HT202778



I can confirm it does block access and still charge the device on ios9 and above (not sure when this came in for older iOS systems though)



1848 posts

Uber Geek


  # 1771996 28-Apr-2017 16:00
Send private message

Thanks very much for the response . I sell a range of travel power adapters, that obviously are immune to the problem. The USB charge security problem was bought up in conversation. The answers you have provided were well above my pay grade LOL So Thanks

 

Assuming that the majority of mobile phone users are not technically empowered, I wonder if there is an "app for that" Pops up if you plug in a charger and asks the questions or alerts the user? Will do a quick scout of google play.





Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me


 
 
 
 


603 posts

Ultimate Geek


  # 1772003 28-Apr-2017 16:16
Send private message

Most of the double deckers in Auckland have dual charging ports on the back of every seat. I hardly ever see anyone using them. I don't think this is due to privacy concerns though, I would think most people are oblivious to the security risk. I use the usb ports on the buses and I think you'd have to be slightly paranoid avoid them for security reasons. Sure there's a risk, but surely the chance of something happening is so low that it's not worth worrying about. However, I guess you could also argue that the convenience of charging your phone isn't worth the slight security risk.



8751 posts

Uber Geek

Lifetime subscriber

  # 1772033 28-Apr-2017 17:11
2 people support this post
Send private message

spend $30 and get a power bank if your worried, a 10000mah one will charge your phone 2-4 times


971 posts

Ultimate Geek

Trusted

  # 1772123 28-Apr-2017 20:00
One person supports this post
Send private message

There definitely has been talk of USB devices infecting your PC. Here is BadUSB which also have an Android version available. Then there also is the USBKiller. Here is Bruce Schneier talking about PoisonTap. I guess any of these could be hiding inside of a wall charger.

 

 

 

If my phone ever prompted me to trust a wall charger I would be very suspicious. 

 

I guess your only defence would be a cable that only does charging and not data synchronisation.





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.




1848 posts

Uber Geek


  # 1772183 28-Apr-2017 22:36
Send private message

IcI:

 

There definitely has been talk of USB devices infecting your PC. Here is BadUSB which also have an Android version available. Then there also is the USBKiller. Here is Bruce Schneier talking about PoisonTap. I guess any of these could be hiding inside of a wall charger.

 

 

 

If my phone ever prompted me to trust a wall charger I would be very suspicious. 

 

I guess your only defence would be a cable that only does charging and not data synchronisation.

 

 

 

 

For my barometer for consumer need or desire I head on over to Aliexpress and see how many types and variety's are being sold. Of the usb cable with not data there are quite a few. So there maybe a consumer demand whether it is needed or not.

 

 





Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me




1848 posts

Uber Geek


  # 1772189 28-Apr-2017 22:41
Send private message




Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me


642 posts

Ultimate Geek

Trusted

  # 1772970 30-Apr-2017 18:29
Send private message

gnfb:

Assuming that the majority of mobile phone users are not technically empowered, I wonder if there is an "app for that" Pops up if you plug in a charger and asks the questions or alerts the user? Will do a quick scout of google play.



There's no need for such an app. As @Mattrix mentioned, most Android phones are set to charge-only by default and you cannot change the default (at least on stock Android).

As for the popup, some OEMs already provide that functionality, however stock Android doesn't provide a popup but rather a notification item which you can click on and then change the mode.

531 posts

Ultimate Geek

Lifetime subscriber

  # 1772999 30-Apr-2017 19:52
Send private message

Sam91:

 

Most of the double deckers in Auckland have dual charging ports on the back of every seat. I hardly ever see anyone using them. I don't think this is due to privacy concerns though, I would think most people are oblivious to the security risk. I use the usb ports on the buses and I think you'd have to be slightly paranoid avoid them for security reasons. Sure there's a risk, but surely the chance of something happening is so low that it's not worth worrying about. However, I guess you could also argue that the convenience of charging your phone isn't worth the slight security risk.

 

 

A lot (but not all) of the new single-decker buses in South Auckland operated by Go Bus and the Murphys-Ritchies joint venture have USB charging ports as well. Has come in quite useful but you can't rely on it being present so always safer to charge before you travel. I wonder if people would start using them more when we come closer to 100% of buses having them avaliable (due to significally less chance of ending up stuck on a bus without USB charging ports).


22334 posts

Uber Geek

Trusted
Subscriber

  # 1773101 30-Apr-2017 21:54
Send private message

There is a difference between using your own cable in a USB socket, and plugging a random micro USB into your phone.

 

The 5th wire in the microusb can be used to choose which mode the data lines operate in. One of the modes is USB host, the other a USB client - we all know those ones. On samsungs there is also analog audio and also a serial terminal available by putting a different resistance on those pins. Many of the scary articles you find are talking about those other modes letting you do debug on the phone and similar.





Richard rich.ms

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Industry plan could create a billion dollar interactive games sector
Posted 19-Aug-2019 20:41


Personal cyber insurance a New Zealand first
Posted 19-Aug-2019 20:26


University of Waikato launches space for esports
Posted 19-Aug-2019 20:20


D-Link ANZ expands mydlink ecosystem with new mydlink Mini Wi-Fi Smart Plug
Posted 19-Aug-2019 20:14


Kiwi workers still falling victim to old cyber tricks
Posted 12-Aug-2019 20:47


Lightning Lab GovTech launches 2019 programme
Posted 12-Aug-2019 20:41


Epson launches portable laser projector
Posted 12-Aug-2019 20:27


Huawei launches new distributed HarmonyOS
Posted 12-Aug-2019 20:20


Lenovo introduces single-socket servers for edge and data-intensive workloads
Posted 9-Aug-2019 21:26


The Document Foundation announces LibreOffice 6.3
Posted 9-Aug-2019 16:57


Symantec sell enterprise security assets for US$ 10.7 billion to Broadcom
Posted 9-Aug-2019 16:43


Artificial tongue can distinguish whisky and identify counterfeits
Posted 8-Aug-2019 20:20


Toyota and Preferred Networks to develop service robots
Posted 8-Aug-2019 20:11


Vodafone introduces new Vodafone TV device
Posted 7-Aug-2019 17:16


Intel announces next-generation Intel Xeon Scalable processors with up to 56 cores
Posted 7-Aug-2019 15:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.