Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1954 posts

Uber Geek


#214122 28-Apr-2017 15:24
Send private message

I will ask this here although I am not sure if its the right forum.

 

I was recently reading Stop Chargeing in public ports

 

The gist of it is that public chrgeing ports are being hacked to mak it possible to steal data. True ? False?

 

If you do have to charge in a public port use a usb cable without the data cable or with it removed . This will stop the chance of stealing of data through the cahreging port. True ? False?





Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me


Create new topic
588 posts

Ultimate Geek
Inactive user


  #1771971 28-Apr-2017 15:29
Send private message

     

  1. It is possible to compromise data on mobile device over USB? Yes
  2. Is it actually happening? Internationally - probably, Locally (NZ) - possibly.
  3. Will using a "charge-only" (without data pins) or switchable USB cable prevent this particular attack? Yes

6277 posts

Uber Geek

Trusted
Lifetime subscriber

  #1771973 28-Apr-2017 15:30
Send private message

I personally would not use one

Linux

 
 
 
 


193 posts

Master Geek
Inactive user


  #1771974 28-Apr-2017 15:30
Send private message

For Android:

I can see it being true if there was some intelligence in the "port".

 

eg. If it presented itself as a MTP Initiator (like your computer does)

 

However, most modern Android phones have USB modes now eg. Charging or File Transfer (with Charging being default)

 

In Charging mode - MTP isn't activated.

 

The other way could be using ADB.

 

But, if you don't have debugging on the phone enabled - you should be pretty safe from that.

 

I would say be more cautious if using an old phone / older Android version.
These had things like default Mass Storage mode when plugged in etc and would be a lot more susceptible.

 

And if using public charging stations - make sure to keep your Android phone in "Charge mode".

 

Definitely the safest method is to only have the +5v and GND connected in the charging cable.

 

 

 

I would more worried about a (malicious) damage causing USB port than data stealing.
eg. high voltage output, or AC or pins connected to each other, or voltage up data pins etc.

 

(YouTube - "USB Killer" if you think your devices protect against this)


5929 posts

Uber Geek


  #1771976 28-Apr-2017 15:34
Send private message

I think later iOS versions detect when you plug into a previously unused device and ask if you want to trust it before it would allow any data connection. Can't remember if it will charge if you click don't trust.

 

https://support.apple.com/en-nz/HT202778


588 posts

Ultimate Geek
Inactive user


  #1771977 28-Apr-2017 15:35
Send private message

I got a surprise the first time I plugged my Android phone into the USB port of a rental car to charge and my mobile screen appeared mirrored on the on-board display - was like WTF, I didn't authorize / enable any connection. Same goes when they start trying to download all your contacts over USB and/or Bluetooth however BT now usually prompts for access to contacts / SMS.


2594 posts

Uber Geek


  #1771988 28-Apr-2017 15:49
Send private message

RunningMan:

I think later iOS versions detect when you plug into a previously unused device and ask if you want to trust it before it would allow any data connection. Can't remember if it will charge if you click don't trust.


https://support.apple.com/en-nz/HT202778



I can confirm it does block access and still charge the device on ios9 and above (not sure when this came in for older iOS systems though)



1954 posts

Uber Geek


  #1771996 28-Apr-2017 16:00
Send private message

Thanks very much for the response . I sell a range of travel power adapters, that obviously are immune to the problem. The USB charge security problem was bought up in conversation. The answers you have provided were well above my pay grade LOL So Thanks

 

Assuming that the majority of mobile phone users are not technically empowered, I wonder if there is an "app for that" Pops up if you plug in a charger and asks the questions or alerts the user? Will do a quick scout of google play.





Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me


 
 
 
 


607 posts

Ultimate Geek


  #1772003 28-Apr-2017 16:16
Send private message

Most of the double deckers in Auckland have dual charging ports on the back of every seat. I hardly ever see anyone using them. I don't think this is due to privacy concerns though, I would think most people are oblivious to the security risk. I use the usb ports on the buses and I think you'd have to be slightly paranoid avoid them for security reasons. Sure there's a risk, but surely the chance of something happening is so low that it's not worth worrying about. However, I guess you could also argue that the convenience of charging your phone isn't worth the slight security risk.



9611 posts

Uber Geek

Lifetime subscriber

  #1772033 28-Apr-2017 17:11
Send private message

spend $30 and get a power bank if your worried, a 10000mah one will charge your phone 2-4 times


1184 posts

Uber Geek

Trusted

  #1772123 28-Apr-2017 20:00
Send private message

There definitely has been talk of USB devices infecting your PC. Here is BadUSB which also have an Android version available. Then there also is the USBKiller. Here is Bruce Schneier talking about PoisonTap. I guess any of these could be hiding inside of a wall charger.

 

 

 

If my phone ever prompted me to trust a wall charger I would be very suspicious. 

 

I guess your only defence would be a cable that only does charging and not data synchronisation.





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.




1954 posts

Uber Geek


  #1772183 28-Apr-2017 22:36
Send private message

IcI:

 

There definitely has been talk of USB devices infecting your PC. Here is BadUSB which also have an Android version available. Then there also is the USBKiller. Here is Bruce Schneier talking about PoisonTap. I guess any of these could be hiding inside of a wall charger.

 

 

 

If my phone ever prompted me to trust a wall charger I would be very suspicious. 

 

I guess your only defence would be a cable that only does charging and not data synchronisation.

 

 

 

 

For my barometer for consumer need or desire I head on over to Aliexpress and see how many types and variety's are being sold. Of the usb cable with not data there are quite a few. So there maybe a consumer demand whether it is needed or not.

 

 





Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me




1954 posts

Uber Geek


  #1772189 28-Apr-2017 22:41
Send private message




Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

gnfb on trademe

Email Me


646 posts

Ultimate Geek

Trusted

  #1772970 30-Apr-2017 18:29
Send private message

gnfb:

Assuming that the majority of mobile phone users are not technically empowered, I wonder if there is an "app for that" Pops up if you plug in a charger and asks the questions or alerts the user? Will do a quick scout of google play.



There's no need for such an app. As @Mattrix mentioned, most Android phones are set to charge-only by default and you cannot change the default (at least on stock Android).

As for the popup, some OEMs already provide that functionality, however stock Android doesn't provide a popup but rather a notification item which you can click on and then change the mode.

612 posts

Ultimate Geek

Lifetime subscriber

  #1772999 30-Apr-2017 19:52
Send private message

Sam91:

 

Most of the double deckers in Auckland have dual charging ports on the back of every seat. I hardly ever see anyone using them. I don't think this is due to privacy concerns though, I would think most people are oblivious to the security risk. I use the usb ports on the buses and I think you'd have to be slightly paranoid avoid them for security reasons. Sure there's a risk, but surely the chance of something happening is so low that it's not worth worrying about. However, I guess you could also argue that the convenience of charging your phone isn't worth the slight security risk.

 

 

A lot (but not all) of the new single-decker buses in South Auckland operated by Go Bus and the Murphys-Ritchies joint venture have USB charging ports as well. Has come in quite useful but you can't rely on it being present so always safer to charge before you travel. I wonder if people would start using them more when we come closer to 100% of buses having them avaliable (due to significally less chance of ending up stuck on a bus without USB charging ports).


23290 posts

Uber Geek

Trusted
Subscriber

  #1773101 30-Apr-2017 21:54
Send private message

There is a difference between using your own cable in a USB socket, and plugging a random micro USB into your phone.

 

The 5th wire in the microusb can be used to choose which mode the data lines operate in. One of the modes is USB host, the other a USB client - we all know those ones. On samsungs there is also analog audio and also a serial terminal available by putting a different resistance on those pins. Many of the scary articles you find are talking about those other modes letting you do debug on the phone and similar.





Richard rich.ms

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

OPPO Find X2 Lite brings flagship features to mid-range 5G smartphone
Posted 29-May-2020 12:52


Sony introduces the digital camera ZV-1 for content creators
Posted 27-May-2020 12:47


Samsung Announces 2020 QLED TV Range
Posted 20-May-2020 16:29


D-Link A/NZ launches AI-Powered body temperature measuring system
Posted 20-May-2020 16:22


NortonLifeLock Online Banking Protection now available for New Zealand banks
Posted 20-May-2020 16:14


SD Express delivers new gigabyte speeds for SD memory cards
Posted 20-May-2020 15:00


D-Link A/NZ launches Nuclias cloud managed network solution hosted in Australia
Posted 11-May-2020 17:53


Logitech introduces new video streaming solution for home studios
Posted 11-May-2020 17:48


Next generation Volvo cars to be powered by Luminar LiDAR technology
Posted 7-May-2020 13:56


D-Link A/NZ launches Wi-Fi Certified EasyMesh system
Posted 7-May-2020 13:51


Spark teams up with Microsoft to bring Xbox All Access to New Zealand
Posted 7-May-2020 13:01


Microsoft plans to establish its first datacenter region in New Zealand
Posted 6-May-2020 11:35


Genesis School-gen has joined forces with Mind Lab Kids
Posted 1-May-2020 12:53


Malwarebytes expands into privacy with fast, frictionless VPN
Posted 30-Apr-2020 16:06


Kordia to donate TV airtime on Channel 200 to community groups
Posted 30-Apr-2020 16:00



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.