Oh was that data sensitive now its ours, the perils of using any open port

[kiska3]

Source: http://thenewdaily.com.au/life/tech/2017/02/20/juice-jacking-public-risk/

 

Not a Ryzen thread!

Quote

Dubbed ‘Juice Jacking’, the vulnerability was demonstrated last week at the annual RSA Security Conference, in San Francisco, when security outfit Authentic8 set up a number of USB power outlets for attendees to charge their mobile devices.

“The security risks here are obvious … your phone could be silently packed with anything from adware to ransomware. And, if you’re a decision-maker in a big company, you could easily become the target of professional hackers,” said Alexey Komarov, researcher at Kaspersky Lab.

When a smartphone is connected to a USB port, a ‘handshake’ occurs, where the device relays hardware and software information to the USB port so that connected hardware – usually a computer – knows what kind of device is now attached and how to communicate with it.

Using this information, a compromised USB port can then select the appropriate method to defeat security and install malicious software on the device, or simply siphon data from the handset.

So how many people here use Airport power to charge their mobiles or appliances?

I can see a reduction of people using power points or USB hubs at airports now, or people carrying more power banks with them

[79wjd]

2 minutes ago, kiska3 said:

I can see a reduction of people using power points or USB hubs at airports now, or people carrying more power banks with them

Maybe a 0.01% reduction. Most people won't ever even see this and those that do will forget about it in under five minutes. 

[PlayStation 2]

Haven't been to an airport in a decade.

[aeroencychris]

 

[goodtofufriday]

This applies to open usb ports in any location. Starbucks, bus terminals, those information/charge booth across nyc upper east side. 

 

 

[kiska3]

2 minutes ago, goodtofufriday said:

This applies to open usb ports in any location. Starbucks, bus terminals, those information/charge booth across nyc upper east side. 

 

 

I shall change the title to reflect this information

 

This is why I carry 2 power banks

[Ryujin2003]

3 minutes ago, djdwosk97 said:

Maybe a 0.01% reduction. Most people won't ever even see this and those that do will forget about it in under five minutes. 

Yeah, seriously almost slipped it since it had nothing to do with Ryzen...

 

Haha, jk. No, I don't use public WiFi, and I don't stick important things into dirty unprotected and publicly available slots...

 

People seem to think I'm crazy and that I read too much Tom Clancy, but the struggle is real. Working as a repair tech, I've definitely learned how ignorant people are to electronics.

 

This in no way surprises me in any way. But, I don't think the masses of sheople will change habits. Gotta update FB, Tweet about my travels and air port food, and watch endless videos of scantily clad girls doing dumb stuff. I can't do it without charging. Oh, and free WiFi? I love traveling....../s

[Hogosha]

Does the charge only, no data setting on some androids change this at all?

[kiska3]

2 minutes ago, Hogosha said:

Does the charge pnly, no data setting on some androids change this at all?

It still does the initial negotiation with the charger, the only way to stop this negotiation is to short out the data pins OR them not being present

[goodtofufriday]

1 minute ago, kiska3 said:

I shall change the title to reflect this information

 

This is why I carry 2 power banks

Im sure that in nyc its being done. Recently a plan got blocked that would have allowes new yorks free wifi to send notification ads to your phone. And went further to say even if your just using 4g. 

 

Im sure that their "free" wifi collects data on people who use it. As well as at those info booths. 

[79wjd]

6 minutes ago, goodtofufriday said:

This applies to open usb ports in any location. Starbucks, bus terminals, those information/charge booth across nyc upper east side. 

 

 

Not just the upper east side, they're in midtown too, although I don't recall seeing them below that....which is interesting. 

 

3 minutes ago, Hogosha said:

Does the charge pnly, no data setting on some androids change this at all?

I'm sure not. The only way to guarantee charge only is to have a cable without data pins. 

[zMeul]

6 minutes ago, cdsboy2000 said:

 

I was thinking of the same, but on smaller scale

 

the problem with it is that this method doesn't work with type C since it actually requires handshake between the charger, cable and phone

[kiska3]

3 minutes ago, djdwosk97 said:

I'm sure not. The only way to guarantee charge only is to have a cable without data pins. 

Which is not possible with phones that have USB type C connections which I have just learnt from @zMeul

[The Benjamins]

5 minutes ago, Ryujin2003 said:

Yeah, seriously almost slipped it since it had nothing to do with Ryzen...

 

Haha, jk. No, I don't use public WiFi, and I don't stick important things into dirty unprotected and publicly available slots...

 

People seem to think I'm crazy and that I read too much Tom Clancy, but the struggle is real. Working as a repair tech, I've definitely learned how ignorant people are to electronics.

 

This in no way surprises me in any way. But, I don't think the masses of sheople will change habits. Gotta update FB, Tweet about my travels and air port food, and watch endless videos of scantily clad girls doing dumb stuff. I can't do it without charging. Oh, and free WiFi? I love traveling....../s

I use a VPN when Im on public wifi.

 

Does anyone make a USB "condom" that also regulats the power to protect it from over current/voltage?

[The Benjamins]

5 minutes ago, zMeul said:

I was thinking of the same, but on smaller scale

 

the problem with it is that this method doesn't work with type C since it actually requires handshake between the charger, cable and phone

I thought it only needed a 56k ohm resistor to ground, not a handshake, I have not looked into it but I don't they the data connection needs to attach even for USB type c

[kiska3]

4 minutes ago, The Benjamins said:

I use a VPN when Im on public wifi.

 

Does anyone make a USB "condom" that also regulats the power to protect it from over current/voltage?

I don't think so, since it requires the data pins to be present to both the device and the charger for device max current negotiation

[zMeul]

4 minutes ago, The Benjamins said:

I thought it only needed a 56k ohm resistor to ground, not a handshake, I have not looked into it but I don't they the data connection needs to attach even for USB type c

I recall being much more complicated since the Anker cable "remembering" voltage

 

---

 

I also recall something from USB-IF and Intel pushing for chargers to have handshake with the device it powers/charges

[goodtofufriday]

9 minutes ago, djdwosk97 said:

Not just the upper east side, they're in midtown too, although I don't recall seeing them below that....which is interesting. 

 

Same reason that the LES doesnt have cell coverage in the subways lol. 

[The Benjamins]

5 minutes ago, zMeul said:

I recall being much more complicated since the Anker cable "remembering" voltage

 

---

 

I also recall something from USB-IF and Intel pushing for chargers to have handshake with the device it powers/charges

I could see it that without a handshake it uses the lower current old standard and requires a handshake for quick charge modes. I may skim though the USB 3.1 doc in a sec

[vorticalbox]

this is no different than plugging your phone into a computer you don't own. I know windows phone and android have a feature that requires you to accept a connection before anything can be transferred to the phone.

[79wjd]

19 minutes ago, vorticalbox said:

this is no different than plugging your phone into a computer you don't own. I know windows phone and android have a feature that requires you to accept a connection before anything can be transferred to the phone.

iOS too. But it wouldn't be hard to force acceptance of the connection. 

[N3v3r3nding_N3wb]

I predicted this!!!!!!!  Bow before my superior secureness! Paranoia does pay off!

 

I'm just kidding. I have always carried a power bank, so I don't have to worry about it.

[AresKrieger]

Never charged via usb as I have a barrel power input so fortunately this doesn't affect me

[iamdarkyoshi]

I charge my powerbank and use it to charge my phone, my powerbank abuses the USB standard and pulls like 2.5A, while my phone pulls 1A to charge, so by charging my powerbank, I can get twice the energy stored

[AnonymousGuy]

It's very suspicious that it doesn't specify what devices it affects.  If this only affects rooted Android devices, then who gives a shit.  I bet regardless it doesn't work at all on iOS.  You have to actively allow data transfer on an iPhone when you plug in to USB with a "do you trust this computer" prompt.