Hacker News new | comments | show | ask | jobs | submit login
USB Condoms (usbcondoms.com)
376 points by lukashed 1114 days ago | hide | past | web | 140 comments | favorite



The sales page [1] has a bit more info on what these actually do.

[1] http://int3.cc/collections/frontpage/products/usbcondoms


Is it just me or is this a bit.. Over the top?

I've never put my phone into something to charge and thought "Hey, they might steal my data".


Because the NSA hasn't proven that they're willing to go through nearly unimaginable lengths to procure any and all data that they can get their hands on.

NSA hires hacker to install monitoring devices on all the samsung charging stations at O'Hare airport? Not out o the realm of possibility.

Six months ago, I would have called a comment like mine a little too tin foil hat, but not today.


Do they have USB-only chargers? I've only ever seen power sockets.


Boston Logan airport has certain benches dedicated to power charging, and for the most part they all have two power sockets and two dedicated USB charging ports.

I've also seen dedicated cell phone charging stations at other airports that have USB charging ports alone.

USB-only chargers in airports definitely exist, and are sometimes fought over in busier airports.


DTW has approx. 800 USB charging ports at gates.

I believe there are more USB ports than generic power sockets.

In my experience, the USB ports are all in use at any gate with more than 10-15 people waiting at it.


http://www.leviton.com/OA_HTML/SectionDisplay.jsp?section=53...

Newer/remodeled hotels and airports are full of these things now. They don't exactly jump out at you, they would be easy enough to miss.

AFAIK these things are just dumb voltage sources, they don't have any USB controllers that could be hacked. At least, the ones you and I can buy don't. But there isn't, in principle, any reason why they couldn't have such controllers, either.


Dreamliner has USB sockets for charging. I think you can also load media over them, but it might be iPod/iPhone only. (That's lame, but he Dreamliner has the best in-flight entertainment system I've ever seen; I usually shut them off, but they had enough Pink Floyd in the on-demand library for take-off and landing, which was nice.)


They had tons of them at JFK T4 last time I was there in February. None of them were connected to power.


Last time that I flew SouthWest, they had specific "charging seats" (that had power outlets and USB sockets for charging) in their terminal. (Note: this was maybe 2008 ~ 2009)


I've seen them in the Minneapolis airport at least.


A lot of airports are adding charging stations that have USB and power plugs for charging.


It's actually very serious. Just like ATMs, power stations can look completely harmless while being incredibly dangerous under the surface. Once you connect to a system via USB, it automatically allows data transfer, which makes your smartphone vulnerable to malware and data theft.

I can't speak for Android, but iOS 7 now has an automatic warning when you connect to new devices that asks if it should be trusted, presumably to mitigate this risk. However, I doubt anything less than a full hardware solution can actually eliminate the risk entirely.

There's a reason why conferences like DefCon warn you explicitly not to use power stations or ATMs nearby - they can be hijacked very easily.


Well, you should assume that everything out there would be malicious, and work from _that_; if you go to DefCon specifically, this is a reasonable expectation.

New-ish Androids pop up a "USB connected, do you want to use this" prompt as well; but many devices (esp. embedded ones) don't.


"The General Assumption of Security is:

The attacker is smarter than you, he has a bigger computer, he knows your own software better than you, and he is after you, specifically."[1]

[1]: http://security.stackexchange.com/a/19000


For most casual personal computing, anyone reasonably smart being after you already means you lost. If they also know your own software better and have a big computer, you never had a chance.


Well I do use a 11 inch laptop, so most computers are bigger than mine. Better go get a second roll of foil!


And if its like my wife's 11, the 64gig solid state would make getting all the data off easy and fast. Hope they like Breaking Bad.


Exploits like this have actually happened already against Android at conferences. Developers particularly almost always have the Android Debug Bridge (ADB) enabled on their phone. Then someone made fake USB charging stations that used ADB to pull all the files...


ADB now asks for confirmation to talk to a new computer.


Couldn't you spoof a computer fingerprint? The hard part would be figuring out which computers are trusted, of course. Perhaps there is a timing attack that can be performed to find out.


Not easily since it uses RSA to do host verification.


1. Plug your iPhone into a coworkers computer to charge for a minute 2. syncs photos 3. embarrassing picture.jpg.

There are numerous ways this can go down without even having to have some cool hardware device.


Of course, attaching a USB condom when your coworker agrees to let you use their computer to charge is an implication that one of both of you has a "slutty" device.


Mobile devices are inherently slutty.

After all, you never hear of a phone committing to just one outlet.

And consider how many people indiscriminately hookup with anonymous base stations at airports... That "Free Public Wifi" SSID is still being passed around.[^1]

[1]: http://www.npr.org/2010/10/09/130451369/the-zombie-network-b...


Or they simply try to avoid an unwanted USB child that could ruin their professional career.


Don't you have to deliberately set up sync?


On Macs, iPhoto will open up automatically by default to pull photos off. iTunes sync needs to be set up manually though.


iOS7 now prompts you to establish a relationship of trust between the phone and the Mac before it'll do anything data-wise.

http://allthingsd.com/20130801/ios-7-will-immunize-iphones-f...


Not for photos. The iPhone appears as a normal digital camera.


unless you have passcode


“Just because you're paranoid doesn't mean they aren't after you”

― Joseph Heller, Catch-22


Sounds like it would be pretty easy to steal your data.


If you are into unprotected charging, then that's up to you.


Such devices are supposedly in the wild; although actually meeting one at random would be pretty rare (as most of the usages seem to be spear-phishing: operations targetted to acquire data from specific people).


they've been found in airports before, but I can't remember when, so don't ask me for a cite.


You probably shouldn't go to hacker conferences.

(There was at least one trojan USB charger at Defcon this year)


This is a real concern. All phones are suceptible to malicious programs being injected via usb plug. Basically can make your phone into a bot for a botnet. It's like windows 98 all over again.


Perhaps you should, though. I mean, sure, normally you don't need to worry about it; but given how much personal data is being stored on our phones these days, and how easy this sort of attack would be (stick a charger in an airport that actually slurps up the data of anyone who uses it), it's definitely something to think about.


You probably would if you travel, or go to conferences...


Your proof that this doesn't happen is that you never think about it.

I often think about it, I guess that is proof that it happens...


you should


This is catering specifically to the market who does think that.


Two things:

1. The data lines can be very important in regulating power output for different devices, and there are different maximums for different versions of USB. Some devices require data communication to charge. Some require proprietary protocols. Implementing Apple product charging is somewhat convoluted, for example, and has changed over time.

2. A friend of mine is a computer engineer, and tells me that correctly implementing USB in hardware is incredibly difficult. It's possible that devices like these might be skimping on parts of the spec to more easily get a working product out the door.


I used to design these things. Yes they are difficult to design in the sense of RF engineering to pump that much data on a data line, but the power end of it is a very simplest design. It has a current cap to prevent damage to the regulator circuit and USB regular spec is 0.5A. Which isn't very much if you've ever tried to charge a phone off of that. Without the inner pins it'll default to the low spec (on a well design USB Host) but no damage or risk to having those inner pins float since they have internal pull up resistors. If the device decides to provide more all the better for you as your device is what regulates how much current it wants when an infinite amount is available.


>If the device decides to provide more all the better for you as your device is what regulates how much current it wants when an infinite amount is available.

If the host is capable of providing more power like 2.1A for example, how is that supposed to be signaled to the phone when the data lines are floating high? The way a USB charger that provides more current than the USB spec works is by pulling the data lines either to some voltage or shorting them together or to ground. Either way you need the data lines to negotiate that.


Yeah there's normally a negotiation via pins being grounded or through the level of resistance on that pull up which tells the device what spec is being used. That goes on to tell the device how much power it can pull without causing a power droop. If the pins are missing most devices won't try to pull more, like my phone won't... but I have a cheap external USB HDD enclosure that will pull what ever it needs from the line regardless of the pin setup. Most Mother Boards actually put out 1-2A on those lines so I can run the thing as normal, but the drive comes with this add on extension to hook it up to two USB lines to get around the 0.5A limit.

So it'll depend on how nice of a device you have.


Or if you have a "nice" device like an Apple product, the voltages/resistances on the data lines will determine your charging speed. And then there's USB dedicated charging spec ports, like the ones that can put out 2100mA, but that's luckily out of scope of this device...

http://www.extremetech.com/computing/115251-how-usb-charging... http://learn.adafruit.com/minty-boost/icharging


The "condom" can be designed to be transparent with regard to one or more kind of power negotiation, though this would require a microcontroller, and possibly some analog circuicity for proprietary resistance-based negotiations.


A microcontroller actively doing the current negotiation would be nice (for things like working at the maximum power of both android and apple chargers) but a much simpler and dirt cheap solution would be to hook the data lines up so that they go through a simple filter that filters out everything other than the DC bias so power negotiation would work normally for chargers but no data could cross the cable.


There are ICs that do this negotiation already.

Like the MAX14636: http://www.maximintegrated.com/datasheet/index.mvp/id/7968


Then the condom would be a target for hacking! You've just added another layer to the problem...


That's kind of like arguing that seat belts can cause strangulation.

There are always risks, so we just have to choose the less risky option available to us.

So between these two...

A. The black box charging station I know nothing about.

B. The simple device that I brought from home whose single purpose is to limit my exposure to external risk.

I'll take the latter.

Odds are I'm no worse off than had I plugged directly into the charging station.


> Implementing Apple product charging is somewhat convoluted, for example, and has changed over time.

If that and other things you claim are real issues then, every dumb usb power brick, every old computer/old charger, every non-apple charger, and others would all have problems.


> Implementing Apple product charging is somewhat convoluted, for example, and has changed over time.

It is? I've never had any problems with cheap AC to USB power adapters.


I think they are referring to the higher power ipad charging that pushes more amps down the line than the spec calls for. There is some kind of trigger used to tell the charger to send more juice. This device will probably cause that to not work. So, an ipad on this would only charger at the standard/lower rate.


The trigger is just grounding the two inner data pins together. This is ok since the data pins are loose pull up so even if the device tries to send data on something with those shorted no damage will occur.


Right, but my point is that this device won't work with those 'high current' charging devices (at the high current, it will only will only send the standard amps). Unless they included the logic to test this, which, I suppose, is possible.


Probably because those cheap AC to USB power adapters are specifically designed to charge iDevices http://learn.adafruit.com/minty-boost/icharging


You're correct about the need of the data lines for power negotiation. The LockedUSB kickstarter is creating a USB condom but with power management: http://www.kickstarter.com/projects/1137339450/lockedusb-ada...

Note: I am in no way affiliated with the above kickstarter


I have created my own battery usb charger (it takes d batteries and gives a usb port). I simply placed a resistor to a data line and that was it. I understand the idea of power negotiation, but felt like it was way more work than it was worth. I didnt need any complicated circuitry; just a battery, resistors, a couple of wires, and a small dc-boost circuit (to drain the batteries as much as possible).


You are right. I made a review of the USB Condom in my blog, talking about the shortcomings of their implementation: http://multigrad.blogspot.ca/2013/09/review-of-usb-condoms.h...


just like with a real one... it will be a boring experience and you will be limited to half Ampere of fun. But no harm.


Even easier, although not as nice-looking: get a common off-the shelf USB Y-cable, plug the power-only male into computer, plug phone into female outlet; done. See e.g. http://easyshop.kiev.ua/images/shnuri/shnuri/Usb-y-power-cab... for an illustration what the cable looks like.

(I have been doing this to charge my phone, as even the USB mount dialog confuses some apps)


There are actually charging only USB cables out there as well. Heck, I suspect the cable that came with the Chromecast is one, just to save money on data lines that would never be used.


but why buy another cable, with all the fumbling and whoops I used the wrong cable, when you can buy something that you permanently "by default" keep on the end of the cable that you already have, and take off when you're ready to use the cable for serious.


Dead link.


Hmm, weird. Just try searching for "USB Y Cable" images, lots of results like these will pop up:

http://www.everythingusb.com/images/list/apricorn-aegis-bio-...

Basically, it's a USB extender cable, with an extra pair of power wires soldered on and terminated in a USB male header - the original use is for power-hungry disks, where you'd plug both the male headers into the computer, increasing the available power (as USB 2.0 can only give 500 mA through a single port, per spec), at the cost of hogging two USB ports. It can be re-used as a USB condom as well.


Works for me. It's the cable most portable/USB hard disks come with.


For those who didn't click through everything: This devices is an adapter that cuts the data lines for a USB connection.

Such a device will most probably restrict the device (if it properly implements charging) to a maximum charging current of 100mA. The data lines are used for identifying the maximum current allowed.


According to these guys, if the data lines are shorted according to the "dumb usb" spec, you should be able to draw whatever the port can provide: http://www.portablepowersupplies.co.uk/portapow-fast-charge-...


You can stick a resistor on the data lines to pretend to be a high-power charger.


Or implement other identification mechanisms that exist or might evolve. Yes. But in the same run, that might take too much from the port you plug it in mistakingly. If you don't trust the port, you will often not even know what it is. It's probably safe to assume it will indeed give you 500mA (when it's in the device or a powered hub). What about the 1500mA ones?

That said, if one desperately needs to charge a battery, one is likely to take even 100mA. Cutting two lines of a cable doesn't seem that hard and ugly compared to a un-encased PCB, though.


What? A patched-together table is much uglier than a bare PCB, particularly with nice layout.


Depends if your use case involves coming into contact with anything conductive.


I heartily approve! The 'juice jacking' discussion (https://news.ycombinator.com/item?id=4951712) was calling out for something like this. I hope they sell a zillion of them.


How much do they cost? They're sold out now so they don't list the price. Does anybody know how much they run? Seems like a really good idea to me, there are lots of known USB hacks for phones and somebody smart could probably find away to get the trojan back up on to the person's primary computer.


Nifty idea. If you want to make it even better, have it simulate the iPhone/iPad charger ID circuitry so that I can charge my iPad off any old USB charger (provided it's rated high enough).

Edit: Actually, scratch that. Leave the data lines connected, but "short" them to the V- line (or shroud, should hopefully be the same thing) with a small capacitor to act as a low-pass filter. I don't have the specs in front of me, but it should be easy enough to filter > 1Mhz down by 3dB and still keep the DC "slew rate" enough to properly ID a charger.


This is how this USB condom should have been made while making sure to use two separate capacitors instead of just shorting the data lines together. The only problem with this approach is that it's physically possible to make a special USB host that pumps enough current down the data lines to fill up that tiny capacitor every cycle. Might want to throw in an inductor for the extra paranoid.


It depends on the size of the capacitor. And even with smaller capacitors, any device which is capable of producing a signal strong enough to overcome even a simple passive 3dB filter well enough to get through the USB handshake, let alone actual device operation, would almost certainly be quite large as compared to a regular charger.

Adding an inductor would screw with things, but if we're being really paranoid here, active circuits can measure the resonant frequency of the line and overcome it. Or, even if we're not being paranoid, you've now given someone a nice RCL trampoline to bounce a nice high current into your phone's USB data lines.

There are a few ways to protect against all of that if you want to be really paranoid. To start, you could go with a higher order active filter built from a cheap op-amp circuit.

More complex varieties could include the use of a tiny 8-bit uC programmed to control a digital pot on the protected side, and an optoisolator somewhere in there just in case there's some weird failure mode which causes a signal path to short from protected to unprotected. The benefit of something like this would be that the controller could also control a light or buzzer to alert the user when a signal is detected on the "unprotected" side.

Cheapest and most reliable might be to pump the output of a simple RC high-pass filter into a simple RC low-pass filter (translates to DC bias) then feed that to a comparator which latches the signal lines open (and sounds an alarm) if signal is detected. Or better yet, make it normally open and close only when signal isn't detected.


minimum viable product first. Then iterate.


When I feel my batteries are low, I like to get my juice flowing by plugging in to the nearest socket available. Sometimes, I even get a surface to sleep on, and when that happens, often I get to load up on media. Sometimes when the media's done there's some funny business. Occasionally, I even get a special powerup for breakfast. There's nothing like waking up in the morning after a new encounter, wealthier for the memories, fully charged and ready to go. - Anonymous mobile device, 50 Bistreams of "Hey!"


Can't you achieve the same thing with a cable whose data lines just aren't connected to the jack? Why do you need a whole circuit?


Because you don't know that you can just cut the data wires in a cheap USB cable, and want to be 'protected' by a cool hipster toy that'll sit in your laptop/phone baggie until you're at some party and can shout in triump when someone plugs in their phone 'just to charge': "NO, USE MY USB CONDOM!!"

EDIT: if this thing actually had some diagnostic LED's that would show you that the 'power port' was trying to do something nefarious on the data lines, it'd be a lot more useful than an ultra-cheap snipped cable imho ..


Sure. The advantage of this is you don't have to cut open one of your cables, you can easily (and visibly) decide whether you want the data pins connected or not and this works for any USB device, ie. USB micro as well as Apple and other proprietary connectors.


you can easily (and visibly) decide whether you want the data pins connected or not

You could just get two cables, and only patch one.

this works for any USB device

So would the cable option if you used a male / female cable instead of a male / male one.


actually I think you can just stick some electrical tape over the data pins in a standard USB cable. not sure how this device does anything different.


There is a ready made charge only cable from Mediabridge. Amazon: "Mediabridge USB Charging Cable - (6 Feet) - USB-A Male to Micro-B Charging Cable"


Everyone wants to reduce their risk, but not everyone wants (or is competent) to do surgery on a cable or terminator. And if you have a custom cable you like or a weird charge port on your device, you'll just want something you can interpose rather than a whole separate system.


This $3 "power only USB charging cable" is another option: http://www.ebay.co.uk/itm/POWER-ONLY-USB-Charging-Cable-Exte...


"If you're going to run around plugging your phone into strange USB ports, at least be safe about it. ;-)"

Exactly. Better safe than sorry.


If you have enough space to lug one of these around you might as well carry with you a complete wall-charger all the time.


Recently, it comes to light that those handling the Snowden files are using air-gapped computers and passing encrypted data to the outside world via ... USB sticks.

Can't USB sticks execute arbitrary code? Couldn't an attacker infiltrate the publically accessible computers that these people use and put a data-stealing trojan onto USB sticks used to bridge the air-gap?

Do other media that most computers accept these days e.g. sd cards support arbitrary code execution too? How can you get around this?

EDIT: it was DMA attacks that I was thinking off, and USB seems free of them at least. I guess, if you trust the robustness of your USB stack against exploit, that USB is a fairly safe bet. As these very people are reading the NSA secrets, one wonders what'd happen if they discovered some hint that that NSA could do precisely that - exploit via USB plugging in.


For some idea of what it's possible to do when you plug something into a USB port, watch this:

http://www.youtube.com/watch?v=D8Im0_KUEf8

(Travis Goodspeed's "Writing a thumb drive from scratch" presentation. It's got some fascinating and potentially _very_ scarey ideas…)


Can very much recommend this talk. Spoiler: you can differentiate an operating system booting from e.g. a forensic device doing a backup, by looking at the access patterns.

Also note that the USB spec is rather complex, and some parts of it will be invariably implemented in software. Often in very high-privileged C code. As such, it is likely to contain critical errors. Heres one for the PlayStation 3 that emulates some garbage on a USB port to get fully privileged code execution:

https://github.com/psgroove/psgroove/blob/master/psgroove.c


A USB stick could be anything, but if it is simply a proper USB mass storage device, it, by itself, can not execute code on the host machine.

To execute code on the host machine, either the host machine has to be stupid (like many Windows versions that try to automatically execute code from plugged-in devices without user interaction) or the device has to be malicious, trying to exploit weaknesses in the host machine.

----

Now, for the files being put on these sticks, there are probably many opportunities to inject a trojan.


It's an OS issue, not a medium issue. That is, any storage medium is a risk.

USB is particularly interesting because a single USB device can turn into a hub or a completely different device at runtime. So you can have a USB flash drive suddenly become say a keyboard and start typing stuff in.


IIRC Stuxnet relied on USB sticks to cross over to air gapped hosts.

But I think it only works on certain OSs that have "autorun" or whatever enabled. Or perhaps a vulnerability in the USB stack.

Thunderbolt, on the other hand, has much more low level access to hardware and can apparently read raw memory/devices.


It's possible, but I'm not sure how likely.

The USB stick would have to exploit some vulnerability in the handshake process to run attack code on the host. In order to prevent that, you'd need a "USB sanitizer" that proxies the communications over the data lines and prevents any traffic that it deems unsafe.

This device, off course, can also be the target of an attack.


It was an old Windows problem that it automatically executed code on mounted media devices. But I hope this was fixed on Windows in the meantime and other OS don’t have this problem.


It's deeper than that. You're plugging a device into your system's bus, the attack surface is huge for that device to steal or modify your data. USB device is a very different beast than CD.


Your "usb stick" could be a usb keyboard which changes your password and sets a new one, even sending the data over a 3g connection to an adversary.


Most applications & the OS require you to type in your old password correctly at the time before allowing you to change it. I don't see how a usb-stick which pretends to be a keyboard could do that.


It might be a bit smaller, but the concept has been around a long time (I use my external hard-drive's cable):

http://www.amazon.com/s?ie=UTF8&page=1&rh=i%3Aaps%2Ck%3Achar...


Does anyone know how the voltage negotiation works for those?


It doesn't - therefore, a to-spec USB2.0 host should not give more than 100mA over the condom, but good luck finding such a beast (most hosts will happily serve 500 mA w/o negotiation).


Nitpick: It's current negotiation, not voltage negotiation. As for voltage - 5V is universal with USB. And as for current - I wrote about the matter in another reply to the OP: The problem will be a well-behaved USB device simply won't take more than 100mA. I.e. it will use the "flat" charging curve, even if the host could deliver more.


> As for voltage - 5V is universal with USB

Nitpick for interest's sake: apparently there's a new (2012) 'USB Power Delivery' spec[1] which specifies two new voltage levels (12V & 20V) in addition to 5V, with higher current limits (2A at 5V, 3A at 12V or 20V for microUSB connectors). Obviously both ends (and the cable) have to support it; I don't know if anything actually does yet.

[1] http://www.usb.org/developers/powerdelivery/


Pedantry: That should be obvious from the units, wouldn't it? (Volts for voltage, amperes for current, ohms for resistance) I do agree that the general public uses these interchangeably, bringing confusion :)

As for a well-behaved device - there aren't very many of those, either. Fortunately, this is less of a problem with USB3 - more devices follow the spec closely.


Interesting. But I'm looking for the opposite. I often have to access my phone, kindle, whatever data, but do not want to charge it. But I guess the usb controller will not accept a data-only connection.


There are a number of devices (say, USB thumb drives) that run off the power provided by the USB spec, so, no, that wouldn't work for those devices.


not sure what your other respondent is on about.

considering there are usb devices which are self powered, i doubt the host controller would be a problem in this situation.

without power on the bus, your phone or kindle might not realize they're connected to something, or wake up and try to communicate with it.

you basically just need to cut one wire of the cheapest usb cable you can get your hands on, and then you'll know for sure.


At first I thought it was a device which would prevent an infected computer from writing malware to the inserted flash drive, as a hardware antivirus.


Oh, this is fantastic. I've been wanting to build something like this into a few cables, but this is even better.


I guess I'll just have to wait until they release this in magnum size to accommodate my monster dongle.



The all NSA scandal is a quite sad revelation, but there a re so many business idea to built off it.


Great idea and cute name, but why would you market this on Friday when you won't be taking orders until at least Monday? Seems to me you just lost out on a bunch of sales by showing it off early because it likely won't make the front page again on Monday.


This reminds me of when vendors at tradeshows used to sell "floppy disk condoms" as novelty items. I think there was also at least one transparent keyboard cover billed as a "keyboard condom".


>"Any port in a storm." as the saying goes.

Love the humor, usbcondoms crew! Another one I hope you find a place for in the future: "In the dark, all cats are gray" -- Benjamin Franklin. Yes, really.


Well to continue the metaphor, I guess I practice abstinence.


You puritans. Is it still purgatory for me if I try plug USB into the MagSafe?


It could be way more popular if these wouldn't be called 'condoms'. Some people can get offended and wont buy it even if it would be useful.

Just my 2 cents.


Why would someone be offended by the word "condom" ?


the USB Condoms nomenclature is likely the reason it is getting exposure. For a first run, I'd say it was definitely successful considering its sold out. But you're right, retail would probably suggest a name change.


USB prophylactics?


USB Data Isolator.


I would like the reverse, block the power lines, so my raspberry pi does not use the backpower of my USB hub through its front USB ports:)


This doesn't really protect you from a more subtle attack: setting up a femtocell access point for your phone to connect to.


Well, like everything else .. Marketers are betting on the laziness of people.

Why tell someone he can lose weight by working out and eating less, when you can sell them a pill that makes them lose weight while they sleep and get abs in 7 minutes?

Why learn programming in several years, when you can "learn programming in three days".

Why tell people to be cautious with their data, not to click on everything, when you can sell them a "condom" that enables them to remain reckless and careless and lazy ?


Some attacks do not depend on user interaction ("clicking"); plugging the device in might be sufficient. Thus, hardware air-gap becomes necessary.

(of course, this just shifts the problem around: now you need to trust the "usb condom"; but given its simplicity, it should be much harder to put anything nefarious there)


Yeah. I looked at it from a "consumer education" perspective, but it is unrealistic to ask for that. Not everyone is interested in those things.

However, what does that thing actually do ? How does it work? Signatures ? Block "autorun" or something ? I didn't see any details.


The USB condom? Much lower-level than that: no data pins, only power.


You can also just cut wires 2 and 3 of your cable.


There are external batteries for phones, when you charge through them I think no data will be lost.


As long as you trust your external battery


I can't believe nobody has made any "pull-out" quips


Yay! I don't have to build this anymore.


Great idea. Awesome name.


is it me or this thing is huge ?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: