DEV Community

Cover image for NYTimes warns of USB "juice jacking"

NYTimes warns of USB "juice jacking"

Peter Kim Frank on November 18, 2019

Today's NYTimes features an article titled Stop! Don’t Charge Your Phone This Way. It warns that hackers are setting up compromised USB "charging ...
Collapse
 
rhymes profile image
rhymes

I don't think it's just clickbait.

I own a few of these things:

amazon.com/PortaPow-3rd-Gen-Data-B...

They are data blockers, they only let through the charging signal, very useful for when you have to plug in a random public USB port.

Collapse
 
gabe profile image
Gabe

Until they start making fake, compromised versions of the device above! Scary thought

Collapse
 
rhymes profile image
rhymes

hahahaha then we descend in tinfoil hat territory :D

Collapse
 
ryansmith profile image
Ryan Smith

On Android devices, plugging in a USB cord that is also plugged into a computer provides options on what the USB should be used for:

Android USB Options Screenshot

It defaults to "No data transfer", so I'm not sure if this is a real issue unless the user changes that setting after connecting. I could be mistaken on this though.

Collapse
 
hte305 profile image
Ha Tuan Em • Edited

I think connect is connect. Not important what thing choose. So they can do anything if your device connected to computer. This is my idea 🙂

Collapse
 
lbeul profile image
Louis • Edited

That reminds me of a video by some YouTuber called N-O-D-E I saw two years ago. In this clip he shows how to build yourself an adaptor for charging your phone safely.

Picture of USB Keychain

Collapse
 
scrabill profile image
Shannon Crabill • Edited

I've heard of this previously and yes, I would say, charge with care, be aware of your surroundings.

That said, I'm not too worried as I tend to have a power pack with me and will use the USB port to charge the power pack, instead of my phone.

EDIT: Having a charge only / no data table may help to skirt any data hacking concerns.

Collapse
 
thatblairguy profile image
That Blair Guy • Edited

Never heard the term "juice-jacking" before today, but reports of the problem have been around for a while.

It used to be that phones would, by default, expose the filesystem to any USB connection. Newer Android devices require the user to actively choose to allow access.

My questions would be:

  • Is there still information exposed even if the user selects "power only"?
  • Are vulnerable devices still coming/popular? -What are they?

Several folks have advocated carrying a power-only cable. That's a reasonable preventative, but it's not a cure-all (more a defense in depth). Many charging stations don't offer ports, just hardwired cables with the various connectors.

Collapse
 
jeikabu profile image
jeikabu

Some other people mentioned using those cheap-o USB charging cables without data wires that come with some devices. This solution amuses me because it turns a penny-pinching defect into a “feature”.

Collapse
 
ibrahimfromtgddev profile image
Ibrahim Imran • Edited

Peter. This is very dangerous... Hackers can't access all this data it's gonna expose personal data..... Imagine if they had a DNS too such a bad hack..
Don't use ANY random USB!

Share this with EVERYONE on Dev!

Collapse
 
sunitk profile image
Sunit Katkar

This kind of hacking has been in the news quite some time ago.

Collapse
 
drewtownchi profile image
Drew Town

I just use my power pack. It charges faster. I can sit where I want. And I know it is safe.

Collapse
 
val_baca profile image
Valentin Baca
  1. Get a power-only cord. There are really cool 3-way cords like: amazon.com/dp/B07KZNSW4K

  2. Get a battery pack. These things are SO cheap and light these days. I love the Anker brand.

Collapse
 
Sloan, the sloth mascot
Comment deleted
Collapse
 
highcenburg profile image
Vicente G. Reyes

This is weird. They wan about the problem but admit that it still has no cases.