Today's NYTimes features an article titled Stop! Don’t Charge Your Phone This Way.
It warns that hackers are setting up compromised USB "charging stations" in airports, hotels, etc. Similar to "card skimmers" on ATM machines.
First time I have ever heard of the potential for this attack method. Legitimate threat that people need to be aware of or more of a clickbait concern? What do you think?
Top comments (15)
I don't think it's just clickbait.
I own a few of these things:
amazon.com/PortaPow-3rd-Gen-Data-B...
They are data blockers, they only let through the charging signal, very useful for when you have to plug in a random public USB port.
Until they start making fake, compromised versions of the device above! Scary thought
hahahaha then we descend in tinfoil hat territory :D
On Android devices, plugging in a USB cord that is also plugged into a computer provides options on what the USB should be used for:
It defaults to "No data transfer", so I'm not sure if this is a real issue unless the user changes that setting after connecting. I could be mistaken on this though.
I think connect is connect. Not important what thing choose. So they can do anything if your device connected to computer. This is my idea 🙂
That reminds me of a video by some YouTuber called N-O-D-E I saw two years ago. In this clip he shows how to build yourself an adaptor for charging your phone safely.
I've heard of this previously and yes, I would say, charge with care, be aware of your surroundings.
That said, I'm not too worried as I tend to have a power pack with me and will use the USB port to charge the power pack, instead of my phone.
EDIT: Having a charge only / no data table may help to skirt any data hacking concerns.
Never heard the term "juice-jacking" before today, but reports of the problem have been around for a while.
It used to be that phones would, by default, expose the filesystem to any USB connection. Newer Android devices require the user to actively choose to allow access.
My questions would be:
Several folks have advocated carrying a power-only cable. That's a reasonable preventative, but it's not a cure-all (more a defense in depth). Many charging stations don't offer ports, just hardwired cables with the various connectors.
Some other people mentioned using those cheap-o USB charging cables without data wires that come with some devices. This solution amuses me because it turns a penny-pinching defect into a “feature”.
Peter. This is very dangerous... Hackers can't access all this data it's gonna expose personal data..... Imagine if they had a DNS too such a bad hack..
Don't use ANY random USB!
Share this with EVERYONE on Dev!
This kind of hacking has been in the news quite some time ago.
I just use my power pack. It charges faster. I can sit where I want. And I know it is safe.
Get a power-only cord. There are really cool 3-way cords like: amazon.com/dp/B07KZNSW4K
Get a battery pack. These things are SO cheap and light these days. I love the Anker brand.