Effectively the same thing, and portable!
[RIP my Axim X30]
"The CDL-02POWER is a type A male to type A female extension cable with only the + and - power pins connected.
This is extension for charging devices like ipods, Sat Navs etc. It allows you connect the appropriate device cable and charge the device through your USB port on your PC/Laptop with out opening up your webstore, itunes etc. While a device cable has data and power only the power from the extension is carried through.
Please note that due to limitations of 500ma output from a USB port, some devices may take longer than others to charge. "
It's called "3-in-1 charger" here in Europe and it looks like this:
It's even smaller than I thought it would be, and so much more portable than a normal UK plug.
Amazon 5W USB Charger
> The only defense is a very simple rule: don't plug your phone into a charger you don't own
These statements seem contradictory to me, unless I'm missing something. Shouldn't it be, "don't unlock your phone while it's plugged into a charger you don't own"? Or are they saying there are still vulnerabilities without the charger getting access to the UDID?
Unlock to check your email while plugged in? Compromised.
So can they attack a passcode protected phone or not?
Also, shouldn't this be one of those bugs they let apple fix first BEFORE they talk about it?
(Well, for an iPhone they'd need to be tied together with a resistor in the other end, but the idea is still the same.)
They did mention a fix is coming in iOS 7 (explicit approval prompt on the device), but until then your "USB condom" is probably as good a stopgap as any.
Cut it open. There are four wires and a braided shield inside. Look up the USB spec to figure out which wires to cut.
If in doubt, cut the wires that are not black and red. In general, red is power and black is ground.
Voila. Surgery. If it doesn't work, you're out a $3 cable.
All I could think was (a) why would I do that? and (b) that looks like a security vulnerability.
To charge your phone? Also, some of these IFE systems can play back MP4 files stored on USB mass storage devices. The Singapore Airlines IFE system even has Star Office so you can edit office documents without a computer. http://www.flickr.com/photos/82365211@N00/2473197320/in/phot...
And now I'm on some watchlist somewhere.
The newest versions of ADB mode in Android have settings to address this. But at the time this was a big deal in the Android community (or I should say XDA), one recognized dev developed an app for it.
I am glad all phone platforms are getting wise to these things.
It turns out that any device you connect with an iOS via the USB port can obtain your device's Universal Device ID (UDID), as long as the device isn't passcode-locked. It just takes a second, so if you plug in your device while it's unlocked, or unlock it while plugged in, or just don't have a passcode, Mactans can attack.
Unless they use an enterprise signing certificate.
It should be 'don't plug your iphone into a charger you don't own'
the other 90% of us are unaffected by this hack.
Could I just hide a tiny linux OS inside a charger? Then when someone plugs in the device just auto-mounts the SD card and copies away? Is it that simple?
Im still using an old n900 which asks you if you want it to just load its battery, be a modem or be a mass storage device.
- Different filesystems (unlikely this would work with anything but FAT based).
- Encrypted filesystems.
- Simply disabling the capability (I can't remember the last time I used USB data transfer on mine).
Of course, it's easy to do the above on a phone you actually have control over. Sorry, iPhone users.
Another added advantage in using the device is it can double the current output from my Macbook Air USB port, i.e. from 500ma to 1000ma, so now I can fully charge my Samsung S4 within 4 hrs (as compared to 7-8 hrs previously).
All it does is install a provisioning profile on the device to allow it to install any app it wants, that can make private API calls that would normally be rejected by Apple if they tried to submit the app.
So essentially, it allows them to install apps that have the exact same restrictions as apps for jailbroken devices. Or do I have it wrong?