Submitted via IRC for TheMightyBuzzard
If you connect your devices to anything public, be it wireless or wired Internet, or USB power charging stations, it is best to assume that these are not safe. While you can protect your data in several ways, e.g. by using a VPN when you need to access the Internet while connected to a public or untrusted network, it is sometimes the case that simple things are overlooked. In November 2019, Los Angeles' District Attorney's Office published an advisory to travelers about the potential dangers of public USB ports. These ports could be used for an attack that has been called juice-jacking. Juice Jacking basically allows attackers to steal data or infect devices that unsuspecting people plug into specifically prepared USB power stations. The Distrcit[sic] Attorney's Office recommended that travelers use AC power outlets directly, use portable chargers, or charge devices in cars instead of using public USB chargers. While that is sound advice, it may not be possible sometimes to use these alternatives. That's where the Original USB Condom comes into play.
Source: https://www.ghacks.net/2019/12/09/usb-condoms-are-a-thing-now/
Is "juice jacking" really a thing though? Have any of you soylentils out there actually seen a rogue USB plug in the wild?
(Score: 2) by toddestan on Saturday December 14 2019, @03:51PM (1 child)
The phone I have will show up as a drive if it's just connected, but until I grant access on the phone the drive is completely empty. So it should be safe, though this behavior does seem like it exposes a larger attack surface than would be necessary. It's running Android 8.1.
(Score: 2) by RS3 on Saturday December 14 2019, @05:03PM
Yes, absolutely, especially if you turn on "developer mode", and I can't remember, but maybe that has to be on to get filesystem access anyway?
But I haven't figured out how to get true root filesystem access through Windows USB drive access. I use "adb shell" and manually (cli) copy things to USB Windows accessible directories.