Jailbroken Devices Compromised By Charging Stations 93
mask.of.sanity writes "Data can be stolen from Windows, Android and Apple devices by unassuming power charging towers. In an attack demonstrated at the Defcon hacking conference, mobile phone charging units were rigged to pull data from phones plugged into them. Researchers found many jailbroken and modified devices activated USB functions when they were plugged in, or simply rebooted."
Seatback charging on airplanes (Score:5, Informative)
Re:Duh (Score:5, Informative)
What you need is a USB CondomCable with the D+ and D- pins shorted together. No data can flow, and if the bad guys didn't bother to try and implement proper power protocol, you'll get the added satisfaction of frying THEIR hardware when your phone cranks up the juice and tries to suck down 1.7A instead of politely sipping 100mA. Just don't ever use such a cable by mistake to connect your phone to a pc or laptop belonging to yourself or a friend.
Re:Seatback charging on airplanes (Score:4, Informative)
AC Chargers that can supply up to 1000ma short the two data pins together to tell the phone it can draw that high amount of current.
USB devices connected to a controller are only allowed to draw 500ma, and only after negotiation with the host.
A USB connected to a port where the data pins are not shorted AND cannot negotiate a higher current with the host is only allowed to draw 100ma.
So removing the data pins from a USB port will prolong charge duration 5x or 10x
Re:Duh (Score:4, Informative)
I don't think he meant that the d+/- lines were what fries the host, he was indicating that the phone wouldn't think it's connected to a computer and it would draw higher amps because it thinks it's hooked up to just a charger. So if the host didn't limit amps and it's wires weren't rated for 1.7A, then it would result in them overheating and hopefully damaging something.
The whole purpose was to make a connector that actually works, not something to destroy the host. The ancillary prize was damaging hosts if they were advertised as just a charger and they really weren't.
Told you so (Score:4, Informative)
Told you so on February 6, 2009. [slashdot.org]
Back in 2009, it was just a Windows autorun problem. Since then, Google and Apple have been able to screw up in the same way.
Coming soon, I suppose, attacks on appliances via "smart meter" data links. Not everything should have a data link.