Submitted via IRC for TheMightyBuzzard
If you connect your devices to anything public, be it wireless or wired Internet, or USB power charging stations, it is best to assume that these are not safe. While you can protect your data in several ways, e.g. by using a VPN when you need to access the Internet while connected to a public or untrusted network, it is sometimes the case that simple things are overlooked. In November 2019, Los Angeles' District Attorney's Office published an advisory to travelers about the potential dangers of public USB ports. These ports could be used for an attack that has been called juice-jacking. Juice Jacking basically allows attackers to steal data or infect devices that unsuspecting people plug into specifically prepared USB power stations. The Distrcit[sic] Attorney's Office recommended that travelers use AC power outlets directly, use portable chargers, or charge devices in cars instead of using public USB chargers. While that is sound advice, it may not be possible sometimes to use these alternatives. That's where the Original USB Condom comes into play.
Source: https://www.ghacks.net/2019/12/09/usb-condoms-are-a-thing-now/
Is "juice jacking" really a thing though? Have any of you soylentils out there actually seen a rogue USB plug in the wild?
(Score: 1, Insightful) by Anonymous Coward on Friday December 13 2019, @02:28PM (8 children)
Android phones won't exchange data without specifically being authorized by a very large and weird-looking popup. It would depend on either exploiting a vulnerability (and I don't know of any such vulnerabilities; maybe in some ancient Android version?), or some pretty dumb user behavior. While it's not possible to rule out dumb user behavior, any user who would bother to bring their own cable just to defend against something like this is certainly not going to mindlessly click through the very obvious warning.
If you do still want to worry about this, you don't need a twee little "USB Condom." There have been power-only USB cables sold for years, since you don't need as many conductors in the wire and a lot of cables are just used for power and nothing else, plus you can use them to split the power connection among multiple devices without needing to implement the complicated hub protocol.
I'm less familiar with iPhone, but given Apple's greater focus on privacy (and the general hurdles involved in doing much of anything with an iPhone), I'd expect them to be at least as good as Android in this department.
(Score: 3, Informative) by RS3 on Friday December 13 2019, @03:39PM (6 children)
None of my 3 Android-based phones does anything when I plug into a computer's USB port. Computer gets access immediately. No popups, no nothing on the phone. Well, they comes out of screen blank, but nothing else. Android 4, 5, 7
(Score: 2) by DeathMonkey on Friday December 13 2019, @06:13PM (1 child)
Interesting..
I have an HTC and it definitely requires the approval.
(Score: 2) by RS3 on Friday December 13 2019, @11:57PM
One is Huawei, one is Asus, and one is Samsung.
Now I'm pretty sure I have them all in "developer mode", so maybe that's the difference?
(Score: 2) by stormwyrm on Saturday December 14 2019, @01:03AM (1 child)
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by RS3 on Saturday December 14 2019, @01:17AM
Oh, thank you, you triggered my memory: "notification". I turn them off globally. Maybe one or two things are allowed through, but mostly nope. I'm guessing that's why I don't get the annoying popup.
(Score: 2) by toddestan on Saturday December 14 2019, @03:51PM (1 child)
The phone I have will show up as a drive if it's just connected, but until I grant access on the phone the drive is completely empty. So it should be safe, though this behavior does seem like it exposes a larger attack surface than would be necessary. It's running Android 8.1.
(Score: 2) by RS3 on Saturday December 14 2019, @05:03PM
Yes, absolutely, especially if you turn on "developer mode", and I can't remember, but maybe that has to be on to get filesystem access anyway?
But I haven't figured out how to get true root filesystem access through Windows USB drive access. I use "adb shell" and manually (cli) copy things to USB Windows accessible directories.
(Score: 2) by TheRaven on Saturday December 14 2019, @02:04PM
sudo mod me up