
‘Juice Jacking’ Criminals Use Public USB Chargers to Steal Data - prostoalex
http://da.co.la.ca.us/community/fraud-alerts/juice-jacking-criminals-use-public-usb-chargers-steal-data
======
fernly
Somewhat more specific info on Wikipedia[1]. Easy prevention is a "USB
Condom", a USB cable with the data lines blocked[2][3].

Edit: those devices seem to be only for USB 2 type A connections. Anyone know
of other format "condoms" eg mini-A or type 3?

[1]
[https://en.wikipedia.org/wiki/Juice_jacking](https://en.wikipedia.org/wiki/Juice_jacking)

[2] [https://www.usbcondom.org/](https://www.usbcondom.org/)

[3] [http://syncstop.com/](http://syncstop.com/)

~~~
klyrs
My solution is a usb- chargable backup battery.

~~~
fernly
That's good. Plug in the battery at the station, "here, jack this." Plug your
phone into the output jack of the battery.

~~~
ncmncm
They usually say not to charge the battery and draw from it at the same time.
They never say why.

~~~
dragonwriter
So, get two batteries, and charge one while using the other to charge. Plus,
you then have a charged backup battery...

------
ars
I don't get how this works. When my phone connects to USB data it always asks
me if I want to talk to that machine.

Does it emulate a keyboard or something like that?

~~~
jdnenej
Android didn't always work like that. A few years ago it used to allow access
to internal storage as soon as you unlocked the phone so if you ever used the
phone while it was charging you would be exploited.

With how horrible phone makers are at updating things I would not be surprised
if there was a significant number of old android versions hanging around.

~~~
r1ch
Even so, I don't see how you exactly you go from internal storage to loading
malware or exfiltrating passwords. Exposing internal storage doesn't let you
access the isolated app storage where private app data and passwords would be
stored, only common areas like downloads and media.

Lacking any technical details, this article reads like one of those scary
chain forwards.

~~~
fuzzy2
When I still used Android, lots of apps would put all sorts of data on the "SD
card" storage. This could've included credentials.

------
themodelplumber
Unfortunately there's no information as to the specifics, which in this case
would possibly make a huge difference.

Amusingly, the video starts with the same exact music that I use to put my
kids to sleep at night. It's used in one of the more popular sleep music
videos on YouTube. I just thought this was pretty funny. Ideally a
municipality would arrange for some music standards and source something
that's not also usable by a random video publisher like that...

~~~
roel_v
"Ideally a municipality would arrange for some music standards and source
something that's not also usable by a random video publisher like that..."

I think you vastly overestimate the amount of thought that goes into things
like this. Also, I don't think such level of detail is a good use of (finite)
resources.

------
aaron695
This is fucking stupid.

Please give one example on planet Earth where this has happened.

If you can't do this, please name how it would be done.

IE what devices it would work on and what data you would take? Specific, what
versions of Android does it work on?

Not a generic I'll take all your "banking data" magic BS, is it actually
possible to access my banking data? Where is it stored and can your thing
access it?

If you need to open up the public device in the airport and install your
thing, please say this.

Since you could also put a small IED in there, it might be tricky. Al Qaeda
probably would pay you more than some stolen bank data you can buy off a open
web hacker forum.

------
rshnotsecure
Has anyone looked into data blockers such as “PortaPow” on Amazon.com? If
they’re a scam that’s fine, but I will never forgive myself if they turn out
to be loaded with exploits...

Also can anyone comment on how feasible defenses are against outlet power
hacking at say a hotel? Is there any tool under $100 available to the masses?
$200?

~~~
moreati
If the budget is $100, then bringing a compact mains charger seems easiest.
E.g.
[https://www.themu.co.uk/collections/collection/products/amer...](https://www.themu.co.uk/collections/collection/products/american-
traveller)

~~~
taneq
Not to mention most people are likely to have a drawer full of the things from
past phones.

------
Arbalest
Headline just reminded me to disable USB debugging. Though I wonder how many
exploits are available for more modern Android phones. Between USB debugging
authorising the host, and the "Use USB for charging" option, how much space is
left for this? I'll still be attempting to use my own chargers though.

~~~
ShorsHammer
> how much space is left for this

Why would a bad actor bother searching for greener pastures?

[https://www.shodan.io/search?query=android+debug+bridge](https://www.shodan.io/search?query=android+debug+bridge)

~~~
rkachowski
but adb has to be explicitly enabled through developer options hidden in the
about phone settings of the device. Even then an explicit trust must be
authorized between the adb server and device, via a dialog displayed upon the
screen (containing the fingerprint of the server).

Both Android and iOS have protections against this kind of attack, I would be
really interested to hear the technical nature of how these work - either
there is some bizarrely widespread 0 day exploit in all these chargers, this
attack primarily affects old devices, or this article is primarily bait.

~~~
ShorsHammer
Some devices ship with it turned on by default, this was prominent a year ago,
it's horrendous and still very real.

[https://www.bleepingcomputer.com/news/security/tens-of-
thous...](https://www.bleepingcomputer.com/news/security/tens-of-thousands-of-
android-devices-are-exposing-their-debug-port/)

------
alecco
Reminds me of the OMG cable [https://techcrunch.com/2019/08/12/iphone-
charging-cable-hack...](https://techcrunch.com/2019/08/12/iphone-charging-
cable-hack-computer-def-con/)

------
analog31
Ask HN: What about cutting data+ and data- lines on a charging cable?

~~~
milesvp
If you do you may have a hard time getting 1.8 amps out of the charger. D+-
lines are used to negotiate, they’re also used to identify various chargers.
Apple is a prime example of a unique ‘footprint’ a charge chip can look at to
know it’s attached to an Apple switch mode power supply and can draw more than
100mA.

I recently selected a charge chip for a work project that took care of the
negotiation, so I can’t quite remember the details but it was something I had
to pay attention to, and definitely needed to layout the board to use the data
lines even though we don’t take data in.

~~~
analog31
Do you remember the chip type?

~~~
milesvp
max8895. amazing chip. saved us a lot of dev time. only major downside other
than cost is you need really good fab for you pcb since it has a tiny
footprint and needed to be placed on top of micro vias. It even really
confused KiCad since the tolerances are unusual. I wouldn’t want to hand
solder this chip either...

[https://datasheets.maximintegrated.com/en/ds/MAX8895V-MAX889...](https://datasheets.maximintegrated.com/en/ds/MAX8895V-MAX8895Y.pdf)

------
buboard
why don't phones implement a "charge-only mode"

~~~
skrebbel
My bog standard two year old sony's android says "allow data connection?" when
the phone is plugged into something that has a data channel. I'm assuming it's
essentially in "charge only mode" until I tap "allow".

~~~
Piskvorrr
I would assume so. But is it actually?

(The ancient Xperia I had did report with a different USB ID and device class
when in charge-only mode, but it _did_ obviously communicate over data, at
least as far as enumerating its endpoints.)

------
ryanlol
I don’t think criminals are actually doing this.

------
kpU8efre7r
I know the Pixel phones prevent this. By default, USB connections are for
charging only. The user has to explicitly enable data every time the phone is
plugged into a PC

Even if USB debugging is enabled the user has to manually accept the RSA host
key for any debug access to occur.

~~~
professorTuring
Don't get distracted, if they are exploiting an USB vulnerability the "don't
allow" feature by default will do nothing.

