Hacker News new | past | comments | ask | show | jobs | submit login
Don't Plug Your Phone into a Charger You Don't Own (pcmag.com)
153 points by vinhnx on Aug 2, 2013 | hide | past | favorite | 93 comments

I'd pay decent money for a small, neat little power-only USB passthrough/condom for peace of mind. Hotel clocks, planes, there's all sorts of places I'd like to charge my phone and every time it feels like a risk.

I have a 10,000ma/h battery pack i carry with me that I charge my phone with; when that runs out i charge it with any wall jack / usb port i can find.

Effectively the same thing, and portable!

Swappable battery > plugging in to charger in everyway. I'm amazed only a few phones have the ability to swap batteries.

I thought the argument against this was that then you lost volume to the casing, connector, removable cover, etc. which could be better used by a funny-shaped collection of various-sized batteries.

Battery swap requires a reboot (usually) which is bit annoying.

Do you know of any devices that don't require a reboot when you switch batteries? It shouldn't be difficult to implement. All you have to do is build a small second internal battery into the device that could keep the volatile memory alive during the switch.

But then there's no perceived need for it for 99% of users so, like many neat things, it will unfortunately never be built into mass-produced phones because it doesn't make business sense.

That same idea is apparently there in the upcoming Thinkpad T440s laptop (3 cell internal + 3 cell swappable). I really hope it catches on in other laptops and phones - I find I often go past a typical phone & laptop's battery span without a power plug around.

Thinkpads have supported a second battery in the UltraBay for a long time, as well.

FYI, they had this feature on PDAs of yesteryears since their battery life was terrible.

[RIP my Axim X30]

LOTS of phones allow a battery swap. As far as I know the only phone that doesn't is the iPhone.

Nexus 4 doesn't have an easily replaceable battery either.

Sony Xperia S, probably others. Plenty of phones have non user replaceable batteries.

New nokias don't.

iPhone, Nexus 4, and HTC One

Moto X

Wouldn't try it with the HTC One X

But if you swap batteries, then when you get to an outlet, you either need a special charger for the spare battery, or you need to swap batteries while charging.

the main reason to have spare batteries for me at least is to keep the spare batteries charged up and ready to roll. But yes this does require a specific battery charger. when i had my HTC Thunderbolt, i got a package deal with 2 batteries and a charger ( that also provided a USB port ) for < $20. I haven't looked for my S3 yet...

Like this?


"The CDL-02POWER is a type A male to type A female extension cable with only the + and - power pins connected.

This is extension for charging devices like ipods, Sat Navs etc. It allows you connect the appropriate device cable and charge the device through your USB port on your PC/Laptop with out opening up your webstore, itunes etc. While a device cable has data and power only the power from the extension is carried through.

Please note that due to limitations of 500ma output from a USB port, some devices may take longer than others to charge. "

The last line is the disadvantage. You need the data pins to enable high-current charging. I suppose you could create a digital "transformer" to isolate the iDevice from the port while still enabling high-current charging.

Could you include an inductor to prevent the data bits from changing fast and connect both lines to the power line so that if the power line was actually compromised the inductor would stop the attack.

You could just cut the data wires of the USB cable you wish to use. Simple, cheap and effective.

That would not work. Data pins are used to provide power negotiation, and in Apple's case using a proprietary protocol. At the very least you need some specific voltages on the lines to make it charge.



I imagine basically all of those convenience ports only put out 500mA anyway, so the negotiation isn't needed.

iPads require more juice. Whenever I plug my iPad into anything other than Apple's 10W adapter or a Mac, nothing happens.

I plug my original iPad into other USB devices that put out 5W and it still charges. The iPad says it's not charging but it does, slowly.

There are already such devices on the market. I just bought one three weeks ago for about $12. It even has a plug for car cigarette lighter (which is actually why I bought it).

It's called "3-in-1 charger" here in Europe and it looks like this:


What the GP is talking about is a little female-microusb to male-microusb that disables the data pins so you're sure the only thing going on there is charging.

I found this http://www.kickstarter.com/projects/671390578/juicebee recently which looks like a good compromise. There are many similar products on amazon as well.

Not exactly what you want, and limited to UK use, but I carry one of these around with me most of the time: https://www.themu.co.uk/

It's even smaller than I thought it would be, and so much more portable than a normal UK plug.

From the last time this came up, I found a few: https://news.ycombinator.com/item?id=5814193

I'd pay decent money for a small, USB adapter with the ability to swap the pins (for international travel) and a guarantee that it would reach at least 1.8A and 5V.

You pretty much just described the Apple charger. 10W, with multiple duckheads, will take any voltage and has the option to plug any standard figure 8 cable in if you have one lying around.

I'm so conflicted right now... I don't own any other Apple gear.

And? Its just a charger, not like you're supposed to convert to a new religion or anything.

Use this instead: Amazon Charger (usually shipped with a Kindle)


I believe those are 5 watts. That is the kind I've gotten with my eink kindles but my, kindle fire came with a different charger that I believe is 10 watts. I don't have any of them on my at the moment to check though.

the product name is

    Amazon 5W USB Charger

Ha, so it is. I only glanced at the picture.

This looks like it would do what you want: http://www.kickstarter.com/projects/david-toledo/the-practic...

> It turns out that any device you connect with an iOS via the USB port can obtain your device's Universal Device ID (UDID), as long as the device isn't passcode-locked

> The only defense is a very simple rule: don't plug your phone into a charger you don't own

These statements seem contradictory to me, unless I'm missing something. Shouldn't it be, "don't unlock your phone while it's plugged into a charger you don't own"? Or are they saying there are still vulnerabilities without the charger getting access to the UDID?

It sounds like "use a passcode on your phone and NEVER unlock (enter the passcode) while the phone is plugged into this charger" is also a defense.

Unlock to check your email while plugged in? Compromised.

This part also makes this a bit confusing: "As a final (and alarming) demonstration, they showed a Mactans-pwned phone turn itself on, swipe open, enter the passcode, and call another phone."

So can they attack a passcode protected phone or not?

Also, shouldn't this be one of those bugs they let apple fix first BEFORE they talk about it?

I understood it that the initial attack vector required the target device to be unlocked. Once the malicious code was installed, the attacker could then gain complete control, including passcode unlock.

You could alternatively use a USB condom; just a cable with the data lines completely removed.

(Well, for an iPhone they'd need to be tied together with a resistor in the other end, but the idea is still the same.)

Isn't that closer to a USB vasectomy? (not a sentence I thought I'd ever write)

It... actually is pretty much that.

It's more easily reversible.

The attack relies on the phone being unlocked for it to give up its UDID (and allow them to push the signed malware to it). If your phone is locked (with passcode) it won't be able to attack it as reliably. You can observe the same effect sometimes with iTunes (it complains the phone can't be read until it's unlocked).

They did mention a fix is coming in iOS 7 (explicit approval prompt on the device), but until then your "USB condom" is probably as good a stopgap as any.

It has been introduced in the latest iOS 7 beta 4 and asks if you want to trust each computer it is connected to.

It's fairly standard for me to use my iPhone while it is plugged in though. I wouldn't rely on the lockscreen presenting any real security in the face of unknown attacks.

At least it's providing security against a known attack.

While you're at it, add an indicator to show if the data lines are active. Could this be as simple as LED and resistor?

So where can I buy such a cable? I don't feel up to performing surgery on a USB cable myself.

Buy a cheap one. USB 2 and 3 aren't any faster at power transfer.

Cut it open. There are four wires and a braided shield inside. Look up the USB spec to figure out which wires to cut.

If in doubt, cut the wires that are not black and red. In general, red is power and black is ground.

Voila. Surgery. If it doesn't work, you're out a $3 cable.

I think USB 3.0 does provide more power but most smartphones and tablets don't support it.

I don't know, but I remember seeing USB cables that split into two male adapters a while back. The idea was that one of them had power + data lines, and the other only had data lines. This was at a time when most USB ports strictly adhered to the standard (i.e. limited power to 500mA per port). If someone still had one of these lying around, they could just use the male adapter that had only data lines (IIRC, that connector was red to distinguish it from the other one).

I was on a BA Boeing 777 the other day and the seat back entertainment system had a USB socket on it for me to plug in my own device.

All I could think was (a) why would I do that? and (b) that looks like a security vulnerability.

> (a) why would I do that?

To charge your phone? Also, some of these IFE systems can play back MP4 files stored on USB mass storage devices. The Singapore Airlines IFE system even has Star Office so you can edit office documents without a computer. http://www.flickr.com/photos/82365211@N00/2473197320/in/phot...

Most IFE systems are air-gapped from flight control systems, if that's what you're worrying about.

Most? Now I am worried.

The new 787 isn't, ostensibly to save weight.

And now I'm on some watchlist somewhere.

It is interesting because there was concern about rooted phones, especially for people like me, because I left ADB debug mode on. For the uninitiated, this USB bridge is like a serial connection that can, among a lot of things, open a terminal on the device.

The newest versions of ADB mode in Android have settings to address this. But at the time this was a big deal in the Android community (or I should say XDA), one recognized dev developed an app for it.


I am glad all phone platforms are getting wise to these things.

I knew there was a good reason XCode kept telling me it couldn't launch my app as the device was locked. So unless I missed something, if the device is locked this hack doesn't work.

As laid out in the article:

It turns out that any device you connect with an iOS via the USB port can obtain your device's Universal Device ID (UDID), as long as the device isn't passcode-locked. It just takes a second, so if you plug in your device while it's unlocked, or unlock it while plugged in, or just don't have a passcode, Mactans can attack.

Why only those you don't own? For all I know, the north Koreans/Mossad/NSA/Chinese government/... (Pick whoever you want as the villain) could have planted this functionality in every USB adapter Apple/brand X (pick whoever you feel could fall for this) sells.

IIRC the adapter would need internet access to add your devices UDID to the certificate.

Unless they use an enterprise signing certificate.

This title is a bit misleading.

It should be 'don't plug your iphone into a charger you don't own'

the other 90% of us are unaffected by this hack.

Your implicit comment that the link only points out an iOS vulnerability is correct, but don't you think it's good advice generally?

Instead of carrying a power pack or USB condom and what not, isn't it just easier to carry the charger you trust? After all, it's the untrusted charger you want to avoid, no?

A few of these plugged in at airport boarding areas with a "For your convenience" sign would be very successful.

I thought developer accounts were limited to 100 test devices per year. Does this get around that limit?

It would be nice if phone manufacturers would simply separate the power and data ports into two. Designers probably cringe at that suggestion because it would interrupt the sleek form factor but isn't it the best possible solution to this security risk?

Most consumers don't think about security beyond enabling a lock screen. Average people do not think twice about promiscuously plugging their devices into any ports they find. This attack vector is entirely off their radar. On the other hand, gadget purchasers care deeply about sleekness. Based on reactions I have witnessed, I suspect some people may even be sexually aroused by gadget sleekness. Therefore, at this point there is little incentive for a company to sacrifice their product's sleekness for a security enhancement. Until typical customers start caring I do not see a split-port solution happening.

Personally, I don't want to carry around a bunch of USB cables and a bunch of power cables. USB provides enough power to charge my phone. I'm glad I can charge with a "standard cable" (as long as I take a few simple precautions).

Wow -- this hadn't even crossed my mind. Regarding Android devices (mine included):

Could I just hide a tiny linux OS inside a charger? Then when someone plugs in the device just auto-mounts the SD card and copies away? Is it that simple?

Does android ask you for permission to be mounted or at least notify you?

Im still using an old n900 which asks you if you want it to just load its battery, be a modem or be a mass storage device.

I'm not sure if this is what you meant but mine always has a prompt of some kind (varied between phones) for connecting to pc. I'm not sure if there is a way to disable that or if it was phone specific.

Since you've got an N900, you can do even better than that:

- Different filesystems (unlikely this would work with anything but FAT based).

- Encrypted filesystems.

- Simply disabling the capability (I can't remember the last time I used USB data transfer on mine).

Of course, it's easy to do the above on a phone you actually have control over. Sorry, iPhone users.

No. My Sony xperia does not ask. It automatically mounts in osx

icons popped up in the notification bar that show its being mounted through USB for all the android devices i have ever owned: droid, htc thunderbolt, galaxy s3, xoom...

I've always wondered how safe those dirt-cheap USB hubs on eBay are. Seems like a potential attack vector for unsuspecting buyers where you also likely know the name and address of the victim from shipping it to them.

If you can order from Taobao (China) directly, here is the device I bought last week: http://detail.tmall.com/item.htm?spm=a230r.1.14.27.Op5P4y&id... (not affiliated, around $0.8 USD).

Another added advantage in using the device is it can double the current output from my Macbook Air USB port, i.e. from 500ma to 1000ma, so now I can fully charge my Samsung S4 within 4 hrs (as compared to 7-8 hrs previously).

I don't understand the threat.

All it does is install a provisioning profile on the device to allow it to install any app it wants, that can make private API calls that would normally be rejected by Apple if they tried to submit the app.

So essentially, it allows them to install apps that have the exact same restrictions as apps for jailbroken devices. Or do I have it wrong?

Well, then it installs an app. And yes, it's the same restrictions as apps for jailbroken devices....and they can take over your phone pretty easily (as described in the article). Sounds like you have the specifics right but may not understand the implications?

Okay. I just find the originality of the vulnerability exaggerated (e.g. giving the process some special name (mactans) when all it is is a dev account installing an app on a device).

The interesting part is that it can be done invisibly when you thought you were just plugging in to charge.

Just use a wall socket adapter. Problem solved.

Well... we have Ethernet over power line, so why not USB? ;)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact