Jailbroken Devices Compromised By Charging Stations

mask.of.sanity writes "Data can be stolen from Windows, Android and Apple devices by unassuming power charging towers. In an attack demonstrated at the Defcon hacking conference, mobile phone charging units were rigged to pull data from phones plugged into them. Researchers found many jailbroken and modified devices activated USB functions when they were plugged in, or simply rebooted."

Seatback charging on airplanes

[mpoulton]

I flew on Air Canada a few weeks ago and they had USB ports for charging integrated into the seatback touchscreen displays. When I plugged my phone (HTC Incredible running CM7 nightlies) into it with a USB data cable, it indicated a valid data connection to a host controller! I was surprised and thought the seatback device probably contained a small PC to handle the interactive display. I tried to poke around on the host device to see what I could find, but didn't get anywhere with it. For some reason it didn't even occur to me that the "poking around" could be going the other way. If someone could compromise those seatback devices, the phone contents of thousands of passengers could be automatically collected...

Re:Duh

[Miamicanes]

What you need is a USB CondomCable with the D+ and D- pins shorted together. No data can flow, and if the bad guys didn't bother to try and implement proper power protocol, you'll get the added satisfaction of frying THEIR hardware when your phone cranks up the juice and tries to suck down 1.7A instead of politely sipping 100mA. Just don't ever use such a cable by mistake to connect your phone to a pc or laptop belonging to yourself or a friend.

Re:Seatback charging on airplanes

[Anonymous Coward]

AC Chargers that can supply up to 1000ma short the two data pins together to tell the phone it can draw that high amount of current.
USB devices connected to a controller are only allowed to draw 500ma, and only after negotiation with the host.
A USB connected to a port where the data pins are not shorted AND cannot negotiate a higher current with the host is only allowed to draw 100ma.

So removing the data pins from a USB port will prolong charge duration 5x or 10x

Re:Duh

[Kookus]

I don't think he meant that the d+/- lines were what fries the host, he was indicating that the phone wouldn't think it's connected to a computer and it would draw higher amps because it thinks it's hooked up to just a charger. So if the host didn't limit amps and it's wires weren't rated for 1.7A, then it would result in them overheating and hopefully damaging something.
The whole purpose was to make a connector that actually works, not something to destroy the host. The ancillary prize was damaging hosts if they were advertised as just a charger and they really weren't.

Told you so

[Animats]

Told you so on February 6, 2009. [slashdot.org]

Back in 2009, it was just a Windows autorun problem. Since then, Google and Apple have been able to screw up in the same way.

Coming soon, I suppose, attacks on appliances via "smart meter" data links. Not everything should have a data link.