cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Flyslinger2
Community Champion

Think again about sharing that used tissue ...

o.k. I admit that I used a little bit of sensationalism in the title.

 

As demonstrated last week at the DEF CON Hacking conference (I would love to go to that!) it is highly recommended that you not share a charging cable with someone else.  An excellent scenario is the first class area of a plane. There's a good chance that a corporate exec or two are flying first class and how easy would it be to offer your hacked charging cable to them being the "nice guy"!

 

Charging cubes, power adapters, etc. all are prime targets. Also those silly charging stations at the Metropolitan Art museum in NYC is another perfect example of targets.

3 Replies
Wayne_Evans
Newcomer III

This isn't a new problem and there are many solutions. such as

https://int3.cc/products/usbcondoms

However, with all things its up to you and your risk appetite, My phone has wireless charging and lot of public places are supporting wireless charging now... 

Shannon
Community Champion

 

 

While I always stick to my own cables / chargers & carry a power-bank when on the move, I've assumed the phone's secure if password-protected & configured so that USB file transfer is disabled by default.

 

 

If I connect my phone --- an Mi6 --- to a PC's USB port, it defaults to the USB charging mode, and there's no access to storage in Windows Explorer.

 

 

Mi6 - USB - Before.png

 

 

You have to enable File Transfer from the phone if you want to transfer files, after which you'll have access.

 

 

Mi6 - USB - After.png

 

 

(I've configured my phone with one password to unlock it & another to access the settings, so enabling File Transfer would require knowing both.)

 

 

Interestingly, this article says that when one of the DefCon attendees who claimed that File Transfer was off on his phone connected it to their 'kiosk' it immediately went into File Transfer mode!

 

 

Now I'm left wondering whether or not my phone's secure when it comes to juice-jacking via the USB port...  Man Frustrated

 

 

 

 

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
rslade
Influencer II

> Flyslinger2 (Community Champion) posted a new topic in Industry News on

>   An excellent scenario is the first class area of a plane. There's a good
> chance that a corporate exec or two are flying first class and how easy would it
> be to offer your hacked charging cable to them being the "nice guy"!   Charging
> cubes, power adapters, etc. all are prime targets.

Doesn't even have to be first class. I always made lots of friends in airports (and
train stations, etc.) by having extra extension cords and charging ports ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Some dismiss privacy [concerns] saying they have nothing to hide.
I don't accept that argument from anyone wearing clothes.
- Joshua Fairfield
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468