Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsAndroidA question of data security
gnfb

2685 posts

Uber Geek
+1 received by user: 197

ID Verified

#214122 28-Apr-2017 15:24
Send private message

I will ask this here although I am not sure if its the right forum.

 

I was recently reading Stop Chargeing in public ports

 

The gist of it is that public chrgeing ports are being hacked to mak it possible to steal data. True ? False?

 

If you do have to charge in a public port use a usb cable without the data cable or with it removed . This will stop the chance of stealing of data through the cahreging port. True ? False?




Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

I have two shops online allshop.nz    patchpinflag.nz
Email Me

Create new topic
solutionz
589 posts

Ultimate Geek
+1 received by user: 164
Inactive user


  #1771971 28-Apr-2017 15:29
Send private message

     

  1. It is possible to compromise data on mobile device over USB? Yes
  2. Is it actually happening? Internationally - probably, Locally (NZ) - possibly.
  3. Will using a "charge-only" (without data pins) or switchable USB cable prevent this particular attack? Yes



Linux
12174 posts

Uber Geek
+1 received by user: 8469

Trusted
Lifetime subscriber

  #1771973 28-Apr-2017 15:30
Send private message

I personally would not use one

Linux

mattrix
193 posts

Master Geek
+1 received by user: 39
Inactive user


  #1771974 28-Apr-2017 15:30
Send private message

For Android:

I can see it being true if there was some intelligence in the "port".

 

eg. If it presented itself as a MTP Initiator (like your computer does)

 

However, most modern Android phones have USB modes now eg. Charging or File Transfer (with Charging being default)

 

In Charging mode - MTP isn't activated.

 

The other way could be using ADB.

 

But, if you don't have debugging on the phone enabled - you should be pretty safe from that.

 

I would say be more cautious if using an old phone / older Android version.
These had things like default Mass Storage mode when plugged in etc and would be a lot more susceptible.

 

And if using public charging stations - make sure to keep your Android phone in "Charge mode".

 

Definitely the safest method is to only have the +5v and GND connected in the charging cable.

 

 

 

I would more worried about a (malicious) damage causing USB port than data stealing.
eg. high voltage output, or AC or pins connected to each other, or voltage up data pins etc.

 

(YouTube - "USB Killer" if you think your devices protect against this)



RunningMan
9184 posts

Uber Geek
+1 received by user: 4834


  #1771976 28-Apr-2017 15:34
Send private message

I think later iOS versions detect when you plug into a previously unused device and ask if you want to trust it before it would allow any data connection. Can't remember if it will charge if you click don't trust.

 

https://support.apple.com/en-nz/HT202778


solutionz
589 posts

Ultimate Geek
+1 received by user: 164
Inactive user


  #1771977 28-Apr-2017 15:35
Send private message

I got a surprise the first time I plugged my Android phone into the USB port of a rental car to charge and my mobile screen appeared mirrored on the on-board display - was like WTF, I didn't authorize / enable any connection. Same goes when they start trying to download all your contacts over USB and/or Bluetooth however BT now usually prompts for access to contacts / SMS.

PhantomNVD
2619 posts

Uber Geek
+1 received by user: 759
Inactive user


  #1771988 28-Apr-2017 15:49
Send private message

RunningMan:

I think later iOS versions detect when you plug into a previously unused device and ask if you want to trust it before it would allow any data connection. Can't remember if it will charge if you click don't trust.


https://support.apple.com/en-nz/HT202778



I can confirm it does block access and still charge the device on ios9 and above (not sure when this came in for older iOS systems though)

HP

 
 
 
 

Shop now for HP laptops and other devices (affiliate link).
gnfb

2685 posts

Uber Geek
+1 received by user: 197

ID Verified

  #1771996 28-Apr-2017 16:00
Send private message

Thanks very much for the response . I sell a range of travel power adapters, that obviously are immune to the problem. The USB charge security problem was bought up in conversation. The answers you have provided were well above my pay grade LOL So Thanks

 

Assuming that the majority of mobile phone users are not technically empowered, I wonder if there is an "app for that" Pops up if you plug in a charger and asks the questions or alerts the user? Will do a quick scout of google play.




Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

I have two shops online allshop.nz    patchpinflag.nz
Email Me

Sam91
620 posts

Ultimate Geek
+1 received by user: 183


  #1772003 28-Apr-2017 16:16
Send private message

Most of the double deckers in Auckland have dual charging ports on the back of every seat. I hardly ever see anyone using them. I don't think this is due to privacy concerns though, I would think most people are oblivious to the security risk. I use the usb ports on the buses and I think you'd have to be slightly paranoid avoid them for security reasons. Sure there's a risk, but surely the chance of something happening is so low that it's not worth worrying about. However, I guess you could also argue that the convenience of charging your phone isn't worth the slight security risk.

Jase2985
13730 posts

Uber Geek
+1 received by user: 6202

ID Verified
Lifetime subscriber

  #1772033 28-Apr-2017 17:11
Send private message

spend $30 and get a power bank if your worried, a 10000mah one will charge your phone 2-4 times

ANglEAUT
altered-ego
2436 posts

Uber Geek
+1 received by user: 841

Trusted
Lifetime subscriber

  #1772123 28-Apr-2017 20:00
Send private message

There definitely has been talk of USB devices infecting your PC. Here is BadUSB which also have an Android version available. Then there also is the USBKiller. Here is Bruce Schneier talking about PoisonTap. I guess any of these could be hiding inside of a wall charger.

 

 

 

If my phone ever prompted me to trust a wall charger I would be very suspicious. 

 

I guess your only defence would be a cable that only does charging and not data synchronisation.




Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

gnfb

2685 posts

Uber Geek
+1 received by user: 197

ID Verified

  #1772183 28-Apr-2017 22:36
Send private message

IcI:

 

There definitely has been talk of USB devices infecting your PC. Here is BadUSB which also have an Android version available. Then there also is the USBKiller. Here is Bruce Schneier talking about PoisonTap. I guess any of these could be hiding inside of a wall charger.

 

 

 

If my phone ever prompted me to trust a wall charger I would be very suspicious. 

 

I guess your only defence would be a cable that only does charging and not data synchronisation.

 

 

 

 

For my barometer for consumer need or desire I head on over to Aliexpress and see how many types and variety's are being sold. Of the usb cable with not data there are quite a few. So there maybe a consumer demand whether it is needed or not.

 

 




Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

I have two shops online allshop.nz    patchpinflag.nz
Email Me

 
 
 
 

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).
gnfb

2685 posts

Uber Geek
+1 received by user: 197

ID Verified

  #1772189 28-Apr-2017 22:41
Send private message

and here is a device

 

PortaPow Fast Charge + Data Block USB Adaptor with SmartCharge Chip




Is an English Man living in New Zealand. Not a writer, an Observer he says. Graham is a seasoned 'traveler" with his sometimes arrogant, but honest opinion on life. He loves the Internet!.

 

I have two shops online allshop.nz    patchpinflag.nz
Email Me

d3Xt3r
697 posts

Ultimate Geek
+1 received by user: 132

Trusted

  #1772970 30-Apr-2017 18:29
Send private message

gnfb:

Assuming that the majority of mobile phone users are not technically empowered, I wonder if there is an "app for that" Pops up if you plug in a charger and asks the questions or alerts the user? Will do a quick scout of google play.



There's no need for such an app. As @Mattrix mentioned, most Android phones are set to charge-only by default and you cannot change the default (at least on stock Android).

As for the popup, some OEMs already provide that functionality, however stock Android doesn't provide a popup but rather a notification item which you can click on and then change the mode.

KiwiSurfer
1722 posts

Uber Geek
+1 received by user: 993

ID Verified
Lifetime subscriber

  #1772999 30-Apr-2017 19:52
Send private message

Sam91:

 

Most of the double deckers in Auckland have dual charging ports on the back of every seat. I hardly ever see anyone using them. I don't think this is due to privacy concerns though, I would think most people are oblivious to the security risk. I use the usb ports on the buses and I think you'd have to be slightly paranoid avoid them for security reasons. Sure there's a risk, but surely the chance of something happening is so low that it's not worth worrying about. However, I guess you could also argue that the convenience of charging your phone isn't worth the slight security risk.

 

 

A lot (but not all) of the new single-decker buses in South Auckland operated by Go Bus and the Murphys-Ritchies joint venture have USB charging ports as well. Has come in quite useful but you can't rely on it being present so always safer to charge before you travel. I wonder if people would start using them more when we come closer to 100% of buses having them avaliable (due to significally less chance of ending up stuck on a bus without USB charging ports).

richms
29098 posts

Uber Geek
+1 received by user: 10208

Trusted
Lifetime subscriber

  #1773101 30-Apr-2017 21:54
Send private message

There is a difference between using your own cable in a USB socket, and plugging a random micro USB into your phone.

 

The 5th wire in the microusb can be used to choose which mode the data lines operate in. One of the modes is USB host, the other a USB client - we all know those ones. On samsungs there is also analog audio and also a serial terminal available by putting a different resistance on those pins. Many of the scary articles you find are talking about those other modes letting you do debug on the phone and similar.




Richard rich.ms

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright