A question of data security

Forums › Android › A question of data security

gnfb

2609 posts

Uber Geek

ID Verified

#214122 28-Apr-2017 15:24

I will ask this here although I am not sure if its the right forum.

I was recently reading Stop Chargeing in public ports

The gist of it is that public chrgeing ports are being hacked to mak it possible to steal data. True ? False?

If you do have to charge in a public port use a usb cable without the data cable or with it removed . This will stop the chance of stealing of data through the cahreging port. True ? False?

Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

I have two shops online allshop.nz patchpinflag.nz
Email Me

solutionz

589 posts

Ultimate Geek
Inactive user

#1771971 28-Apr-2017 15:29

It is possible to compromise data on mobile device over USB? Yes
Is it actually happening? Internationally - probably, Locally (NZ) - possibly.
Will using a "charge-only" (without data pins) or switchable USB cable prevent this particular attack? Yes

Linux

11428 posts

Uber Geek

Trusted

Lifetime subscriber

#1771973 28-Apr-2017 15:30

I personally would not use one

Linux

mattrix

193 posts

Master Geek
Inactive user

#1771974 28-Apr-2017 15:30

For Android:

I can see it being true if there was some intelligence in the "port".

eg. If it presented itself as a MTP Initiator (like your computer does)

However, most modern Android phones have USB modes now eg. Charging or File Transfer (with Charging being default)

In Charging mode - MTP isn't activated.

The other way could be using ADB.

But, if you don't have debugging on the phone enabled - you should be pretty safe from that.

I would say be more cautious if using an old phone / older Android version.
These had things like default Mass Storage mode when plugged in etc and would be a lot more susceptible.

And if using public charging stations - make sure to keep your Android phone in "Charge mode".

Definitely the safest method is to only have the +5v and GND connected in the charging cable.

I would more worried about a (malicious) damage causing USB port than data stealing.
eg. high voltage output, or AC or pins connected to each other, or voltage up data pins etc.

(YouTube - "USB Killer" if you think your devices protect against this)

RunningMan

8960 posts

Uber Geek

#1771976 28-Apr-2017 15:34

I think later iOS versions detect when you plug into a previously unused device and ask if you want to trust it before it would allow any data connection. Can't remember if it will charge if you click don't trust.

https://support.apple.com/en-nz/HT202778

solutionz

589 posts

Ultimate Geek
Inactive user

#1771977 28-Apr-2017 15:35

I got a surprise the first time I plugged my Android phone into the USB port of a rental car to charge and my mobile screen appeared mirrored on the on-board display - was like WTF, I didn't authorize / enable any connection. Same goes when they start trying to download all your contacts over USB and/or Bluetooth however BT now usually prompts for access to contacts / SMS.

PhantomNVD

2619 posts

Uber Geek
Inactive user

#1771988 28-Apr-2017 15:49

RunningMan:
I think later iOS versions detect when you plug into a previously unused device and ask if you want to trust it before it would allow any data connection. Can't remember if it will charge if you click don't trust.

https://support.apple.com/en-nz/HT202778

I can confirm it does block access and still charge the device on ios9 and above (not sure when this came in for older iOS systems though)

gnfb

2609 posts

Uber Geek

ID Verified

#1771996 28-Apr-2017 16:00

Thanks very much for the response . I sell a range of travel power adapters, that obviously are immune to the problem. The USB charge security problem was bought up in conversation. The answers you have provided were well above my pay grade LOL So Thanks

Assuming that the majority of mobile phone users are not technically empowered, I wonder if there is an "app for that" Pops up if you plug in a charger and asks the questions or alerts the user? Will do a quick scout of google play.

Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

I have two shops online allshop.nz patchpinflag.nz
Email Me

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

Sam91

620 posts

Ultimate Geek

#1772003 28-Apr-2017 16:16

Most of the double deckers in Auckland have dual charging ports on the back of every seat. I hardly ever see anyone using them. I don't think this is due to privacy concerns though, I would think most people are oblivious to the security risk. I use the usb ports on the buses and I think you'd have to be slightly paranoid avoid them for security reasons. Sure there's a risk, but surely the chance of something happening is so low that it's not worth worrying about. However, I guess you could also argue that the convenience of charging your phone isn't worth the slight security risk.

Jase2985

13462 posts

Uber Geek

ID Verified

Lifetime subscriber

#1772033 28-Apr-2017 17:11

spend $30 and get a power bank if your worried, a 10000mah one will charge your phone 2-4 times

ANglEAUT

2326 posts

Uber Geek

Trusted

Lifetime subscriber

#1772123 28-Apr-2017 20:00

There definitely has been talk of USB devices infecting your PC. Here is BadUSB which also have an Android version available. Then there also is the USBKiller. Here is Bruce Schneier talking about PoisonTap. I guess any of these could be hiding inside of a wall charger.

If my phone ever prompted me to trust a wall charger I would be very suspicious.

I guess your only defence would be a cable that only does charging and not data synchronisation.

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

gnfb

2609 posts

Uber Geek

ID Verified

#1772183 28-Apr-2017 22:36

IcI:

There definitely has been talk of USB devices infecting your PC. Here is BadUSB which also have an Android version available. Then there also is the USBKiller. Here is Bruce Schneier talking about PoisonTap. I guess any of these could be hiding inside of a wall charger.

If my phone ever prompted me to trust a wall charger I would be very suspicious.

I guess your only defence would be a cable that only does charging and not data synchronisation.

For my barometer for consumer need or desire I head on over to Aliexpress and see how many types and variety's are being sold. Of the usb cable with not data there are quite a few. So there maybe a consumer demand whether it is needed or not.

Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

I have two shops online allshop.nz patchpinflag.nz
Email Me

gnfb

2609 posts

Uber Geek

ID Verified

#1772189 28-Apr-2017 22:41

and here is a device

PortaPow Fast Charge + Data Block USB Adaptor with SmartCharge Chip

Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

I have two shops online allshop.nz patchpinflag.nz
Email Me

d3Xt3r

688 posts

Ultimate Geek

Trusted

#1772970 30-Apr-2017 18:29

gnfb:
Assuming that the majority of mobile phone users are not technically empowered, I wonder if there is an "app for that" Pops up if you plug in a charger and asks the questions or alerts the user? Will do a quick scout of google play.

There's no need for such an app. As @Mattrix mentioned, most Android phones are set to charge-only by default and you cannot change the default (at least on stock Android).

As for the popup, some OEMs already provide that functionality, however stock Android doesn't provide a popup but rather a notification item which you can click on and then change the mode.

KiwiSurfer

1456 posts

Uber Geek

ID Verified

Lifetime subscriber

#1772999 30-Apr-2017 19:52

Sam91:

Most of the double deckers in Auckland have dual charging ports on the back of every seat. I hardly ever see anyone using them. I don't think this is due to privacy concerns though, I would think most people are oblivious to the security risk. I use the usb ports on the buses and I think you'd have to be slightly paranoid avoid them for security reasons. Sure there's a risk, but surely the chance of something happening is so low that it's not worth worrying about. However, I guess you could also argue that the convenience of charging your phone isn't worth the slight security risk.

A lot (but not all) of the new single-decker buses in South Auckland operated by Go Bus and the Murphys-Ritchies joint venture have USB charging ports as well. Has come in quite useful but you can't rely on it being present so always safer to charge before you travel. I wonder if people would start using them more when we come closer to 100% of buses having them avaliable (due to significally less chance of ending up stuck on a bus without USB charging ports).

richms

28189 posts

Uber Geek

Trusted

Lifetime subscriber

#1773101 30-Apr-2017 21:54

There is a difference between using your own cable in a USB socket, and plugging a random micro USB into your phone.

The 5th wire in the microusb can be used to choose which mode the data lines operate in. One of the modes is USB host, the other a USB client - we all know those ones. On samsungs there is also analog audio and also a serial terminal available by putting a different resistance on those pins. Many of the scary articles you find are talking about those other modes letting you do debug on the phone and similar.

Richard rich.ms