Tuesday, 29 October 2019

How Safe Are Public Charging Stations?

Hands using a phone plugged into a USB port at a charging station.
Kartinkin77/Shutterstock

These days, airports, fast-food restaurants, and even buses have USB charging stations. But are these public ports safe? If you use one, could your phone or tablet be hacked? We checked it out!

Some Experts Have Sounded the Alarm

Some experts think you should be concerned if you’ve used a public USB charging station. Earlier this year, researchers from IBM’s elite penetration testing team, X-Force Red, issued dire warnings about the risks associated with public charging stations.

“Plugging into a public USB port is kind of like finding a toothbrush on the side of the road and deciding to stick it in your mouth,” said Caleb Barlow, the vice president of threat intelligence at X-Force Red. “You have no idea where that thing has been.”

Barlow points out that USB ports don’t merely convey power, they also transfer data between devices.

Modern devices put you in control. They aren’t supposed to accept data from a USB port without your permission—that’s why the “Trust This Computer?” prompt exists on iPhones. However, a security hole offers a way around this protection. That’s not true if you simply plug a trusted power brick into a standard electrical port. With a public USB port, though, you rely on a connection that can carry data.

With a bit of technological cunning, it’s possible to weaponize a USB port and push malware to a connected phone. This is particularly true if the device runs Android or an older version of iOS, and therefore, is behind on its security updates.

It all sounds scary, but are these warnings based on real-life concerns? I dug deeper to find out.

From Theory to Practice

A hand plugging a USB cord into a charging port on the back of an airline seat.
VTT Studio/Shutterstock

So, are USB-based attacks against mobile devices purely theoretical? The answer is an unambiguous no.

Security researchers have long regarded charging stations as a potential attack vector. In 2011, veteran infosec journalist, Brian Krebs, even coined the term “juice jacking” to describe exploits that take advantage of it. As mobile devices have inched toward mass-adoption, many researchers have focused on this one facet.

Read the remaining 16 paragraphs



from How-To Geek https://ift.tt/343GY0Y

No comments:

Post a Comment