Hacker News new | past | comments | ask | show | jobs | submit login
USBCondom (crowdsupply.com)
247 points by lelf on Aug 23, 2014 | hide | past | web | favorite | 92 comments



The board looks a little fragile. A tool like this (which is going to be used on the road) needs to be as solid as possible. For $10/unit it seems like they could afford to at least give it an epoxy surround.


I bought a few, the ones I got had a thick clear plastic wrapper that's not in the pictures.


They're using PCBs from oshpark.com which are quite thick (1.6 mm). I've made a USB dongle using their PCBs and it's actually fine. The connectors have sturdy tabs on the sides that go through the board.


This was my first thought too, I'd bet £5 that the port on that thing will snap off within a week in my bag


I think it's on purpose. Looks cooler, gets attention of your fellow coffeeshop nerds.


I doubt it - it's because it's pretty trivial to make a PCB like that with components - one could design the PCB in maybe an hour and then manufacture is really easy and cheap - probably about $1 each for those boards even in low numbers (check OSHPark.com).

In contrast, making a case is much much harder. There really aren't any good low-volume case making methods. Injection moulding is out. Machining from aluminium is an option here, but it's very expensive. There's resin casting, but that's difficult and I don't know if it's really suited to manufacture.

Honestly, making the case is 10-100 times harder than the PCB (for such a simple one like this anyway).


3d printing is an OK solution to low-volume cases.

tinkercad.com to create an stl file, and shapeways.com to print it out.

(simple) PCB design and production is super quick and easy though, you're absolutely right.


3D printing is still far too expensive for thing like this unfortunately.


I say "looks cooler" and you respond by saying that it's easier to make. Since when does "cool" equal "difficult to produce"? And why didn't anyone tell me about that rule in high school?


He's saying that they didn't do it because it's cool, they did it because it's harder to make a case than a PCB. And I agree. It's insane how many "I made this board, how do I get a case for it?" posts I see online from n00b hardware hackers. An engineer with experience will consider packaging from the outset. Thinking about it after the fact can make the manufacture much more difficult and expensive.

That said, I think $10 is a good price for something like this. I, personally, would look for a corporate/industrial application that would justify a price 10x that.


Err... yeah, you said they didn't do a case because it looks cooler without one. I said no, they didn't do a case because it is too hard.


yeah, but it's also suspicious looking to a laymen at an airport whose inspecting your luggage.

i've been hassled for a cubieboard. (a single board ARM computer). They seem to hate exposed PCBs. You'd think they would have seen quite a few...


Or you just cut two wires in a normal USB cable. No need to buy condoms!

I think the board is because some power sources might go "hey I'm leaking, there is no device but I draw power!" and cut it off, but I only ever heard about it and never encountered it. My USB ports nicely power fans without ever having a data connection to anything.


You can get a certain amount of power from USB without a data connection but to get more (which higher powered devices need to charge quickly or, in some cases, at all) you need to send a data signal to request it. So cutting those wires sort of works but will leave you with slow charging for some devices and no charging for a few others.


This is not true of most chargers. It is true of some devices that they look for the data lines to have some voltage rather than be left floating. There are 6 different 'standards' for this so you end up needing an IC like this[1] to detect which one the device is using.

Note: USB-PD changes the game a huge amount. You do need to speak USB to upgrade power there. But I've yet to see USB-PD in the flesh.

[1]: http://www.ti.com/lit/ds/slvsby8b/slvsby8b.pdf


Actually this is true for MOST charger, the one that don't usually end up overheating and having a very short life spam. the reason why most people think this is the case is because when the device cannot be identify the charger default to the the data line shorted and to provide the typical power for which ti was design. https://lockedusb.com/pages/


For iPads and some other devices which require a 'signal' on the data pins, you would need an adapter to force the thing to charge. These adapters also act as a data condom, and are super-cheap:

http://www.amazon.co.uk/dp/B00E8ALIYU

http://www.amazon.co.uk/dp/B00E8AJ41E


If all they need to do is signal requesting higher amperage, why are there different ones for different devices?


Different manufacturers' devices expect different voltages on the data pins. A voltage which says "yeah, draw 2 amps" to an iPad may not indicates the same thing to a Samsung device.


Cutting the wires will cause iDevices to charge at 500mA only.


Okay that explains then: Apple needs to be a bitch about things again.


USB charging ports use the data pins to signal a request for more than 500mA. If you disconnect the data pins, how can any device (apple or anyone else) get more?


Couldn't charger have a current limiter set for charger load capacity and the device could just have resistance such that at 5V it would draw as much power as it can handle?

The obvious drawback would be that such device connected to charger without current limiter would burn it.

Then again I just burned a charger that had multiple sockets by connecting Samsung Galaxy Note 3 and iPad2 to it. It advertised via data lines capacity for 2A charging on all five USB sockets, but had total capacity of just 2.5 A.


I didn't know any single USB 2.0 port could serve more than 500mA regardless? Alas charging through the powergrid is way faster than through your laptop. In any case I think that USBcondom is talking about is power hubs (i.e. custom hardware that could spread malware) and not specifically laptops.


The charge pins on a battery charging input could be used as a makeshift i2c to communicate with a smart battery chipset, thus communicating the same intentions ("hay! give me more!") without any additional wiring or need for access to the USB subsystem, while making use of the USB form-factor that's so ubiquitous today.

if lithium batteries weren't so problematic when overcharged you could float-charge everything pretty efficiently, then you wouldn't even need a management system.

Our current way of doing things is probably here to stay, though.


Since the whole concept of this 'usb condom' is to physically disconnect the data communication, re-designing the protocol to use the remaining pins as a data channel would defeat the whole point.


No, the point in the redesign of the protocol would be to eliminate the need for a 'USB condom'.

A data channel isn't a data channel. USB is designed to be widely used by many industries, as such the standard has provisions for many use-cases. A battery data channel is only for the charging equipment to communicate with the battery's chipset a limited amount of parameters. The data being transferred is incredibly limited, and can thus be sanitized easier when compared to USB.

A protocol designed in such a way would also be easier to test, as the scope of vulnerabilities would be much more limited than a general purpose data channel.

Regardless, it was merely a possible answer to

> If you disconnect the data pins, how can any device (apple or anyone else) get more?"

and really wasn't meant to be a valid product or concept. Just a fleeting thought.


Not sure how this would work, even i2c devices need a dedicated power/ground line in addition to their control/signal lines.


Yeah, i'll just tell my mom how to do that... one sec. It's a lot easier for me to go "hey mom, evil hackers can get you if you plug into an airport" "use this"


Still, you could either make a cable or buy one with only two wires.


It's the device, not the power source. I have an old iPod shuffle that won't charge at all with of those USB wall chargers - it requires a computer.


Or in software (Linux):

    # cd /sys/bus/usb/devices
    # for n in usb* ; do echo 0 >$n/authorized_default ; done
...so that no drivers or userspace programs are allowed to communicate with any newly connected devices.

https://www.kernel.org/doc/Documentation/usb/authorization.t...

Of course this only prevents the USB host, you'd have to disable all USB-gadget daemons on your android phone to not have the charger tinker with the phones's data.

NOTE/added: I just realized that the main purpose this is marketed is to protect the phone's data. I'd me more worried about the computer if someone asks me to lend some juice...


yeah but then there is badusb

http://www.wired.com/2014/07/usb-security/

which attacks the usb firmware on devices. ANY data communication and your usb device/port itself can get hacked

the usb condom might actually prevent that,


Are you sure? As far as I could tell that thing was about messing with the firmware after you've already gotten control through normal communication.


Or you could buy one of the charge-only USB cables I saw all over Asia. They are a bit cheaper than the normal data-carrying ones as they have fewer wires.


This!

I got lot's of these things from portable usb batteries.


Electronics people: why are there any components in this at all? If it's just about disconnecting certain pins, couldn't it just pass the power lines through and be half the size without a PCB at all? For example, it could easily be a cable missing two wires, right? (Note: I'm an idiot when it comes to electronics, so I'm genuinely interested.)


According to the USB spec, a device must complete a protocol handshake and declare a desired voltage level before the host is allowed to supply anything more than a minimum voltage. In case of the USB condom, this handshake would have to be executed by the condom.

I'm not sure how widely implemented this behavior is for "dumb" USB chargers though, as opposed to actual hosts though.

But it might be that they want to preserve compatibility with actual hosts, in case that you i.e. want to charge on a public PC. Or they want to make sure that even if your charger is actually a disguised malicious device, you can still use it as a charger, which would be kinda ironic.


That's correct. LockedUSB adapter disconnect the data lines however it have an internal controller that still negotiate and complete the USB handshakes so the device can charger faster while being safe. http://www.lockedusb.com


The USB spec identifies different types of charging ports based on the resistance / voltage connected to the data pins. Here's a chart with the USB spec (on the ends) and a couple manufacturer variants: http://i.stack.imgur.com/gWODO.jpg


Maybe some devices don't charge at max rate when they sense something "wrong" with the cable. Or the other way around, a computer may not deliver power if it doesn't sense anything actually connected to the power. Just speculation.


What are the fundamental flaws in the USB protocol that make it insecure? I know firewire allows for DMA, but I didn't think USB, besides being a complex serial protocol, had any intrinsically unsafe features?


-firmware errors

-lack of authentication

-stack errors (root on PS2 at one point)

-physical silicon bugs ( I have a broken mouse that WILL make any windows computer act funny/crash apps/crash whole Intel usb hub)


It's not the protocol but the fact that USB devices are just too trusting. Plug your phone into a USB socket and you've little protection against it communicating with whoever is on the other end of the USB connection.


Is this not why my phone asks me what I want to do when I plug it into the computer? USB debugging mode, charge only, and another option or two that I can't remember right now. If I select "charge only" will I be secure in the same way?


This really varies from phone to phone, sadly. When I plug mine in I am only given a choice of which protocol to use to give the host computer access to all my files (and it connects using the default one as soon as you plug it in).


Unfortunately, this isn't universal.


There's not a fundamental flaw with the USB protocol per se.

It's more about USB being implicitly trusted by the software/OS - in addition to that there's driver bugs to be exploited. Here's a few fun things you can do https://www.youtube.com/watch?v=x-7ezoFju6I


It's the fact that you're using the same cable to charge and for data (which is also one of the things that makes USB really useful), now add that the devices tend to not to be hugely secure and to just trust whatever they've plugged into (or at least trust after popping up an easy to miss dialog) and you have a (potential) problem.


Do a search for "Facedancer". The USB hardware can be attacked as well as the host operating system over the USB interface. All of the same kinds of bounds-checking and parsing errors that can happen in the network stack can also happen in device drivers.


It's not a pure USB risk. That plug on a phone can usually do a whole swath of protocols including serial consoles and they're probably not secured.


See also the extensive discussion from a year ago:

https://news.ycombinator.com/item?id=6379272


There are multiple projects/products out there for this, some of which are linked here and some of which are not. Not all are currently available. There was a fair amount of discussion and useful information in a Brian Krebs article: http://krebsonsecurity.com/2014/06/gear-to-block-juice-jacki...

USB Condom: ~$10, available. Tends towards either a bare board with USB connectors or that board with plastic shrink tubing on it. (https://www.crowdsupply.com/xipiter/usbcondom) (http://www.usbcondoms.com/) (probably an earlier version but the same person: http://int3.cc/collections/frontpage/products/usbcondoms)

UmbrellaUSB: ~$12, available soon? More polished/finished looking than the USBCondom, got their information on voltages from the USBCondom folks (see comments in the Krebs article above). Working on fulfillment of their Kickstarter (funded July 3). (http://www.umbrellausb.com/)

ChargeDefense: ~$??, a "coming soon" page, a picture of a prototype, and maybe more in September. (http://www.chargedefense.com/)

LockedUSB: ~$20, available. More technical details available, more expensive and very blocky looking - expect it to block any adjacent ports. Technical information indicates that the single unit should work with both Apple and non-Apple devices (https://lockedusb.com/product/lockedusb-adapter-charger-fire...)

Practical Meter: ~$20, available. Protects ONLY when used with their optimized 3-in-1 charging cables otherwise passes data through. Provides a 5-bar indicator of current. (http://www.powerpractical.com/product/practical-meter) more details in their kickstarter (https://www.kickstarter.com/projects/david-toledo/the-practi...)

PortPilot: ~$60, not yet available. Much more expensive, MUCH more informative, switchable between data/no data. Includes a display showing possible and actual power draw, etc. Almost a development/diagnostic device. (https://hakshop.myshopify.com/products/portpilot)

At least 3 listed below via Amazon (2 in UK): PortaPow $7 (2 versions, www.amazon.com/gp/product/B00GC4AJOU, looks like a "beat you to market" device), and Pisen ~$1.70 (http://www.amazon.co.uk/dp/B00E8ALIYU and http://www.amazon.co.uk/dp/B00E8AJ41E).


I've got the LockedUSB device. A bit clumsy, but it works as described.

I have several PortaPow devices too, and they work great (except for creaky connectors and plastic), so if I hadn't already the LockedUSB I wouldn't have a second thought buying their USB Fast Charge device since it's smaller and cheaper.

If you carry a USB cable around you might as well carry one of these. (But then again, you might as well carry a charger too, so I'm not entirely conviced -- but I did have use for mine once or twice so I can't really regret it.)


There is also: http://www.amazon.com/dp/B00EB3LRAE/

Which apparently signals to the charging device to output higher amperage, as cutting the data connection will make some devices only provide 0.5 amps. Not sure why this one is branded "for Galaxy", as the charging device shouldn't really matter.


Because iPads expect a different voltage, so the device has different resistors inside. The one I used for my original iPad is by the same brand, but says 'for iPad':

http://www.amazon.co.uk/dp/B00E8ALIYU


Looks like this is equivalent to a dedicated usb charger.

There should be an option to enable data transfer, currently you have to physically remove it.

I would love to have something like this, if it enabled my devices to be read only; some usb flash drives have a physical button to enable that.


Enabling for read-only in the general case simply wouldn't be possible. The device would have to know every USB protocol that could possibly be spoken and which commands are for reading and which for writing (and what to do with commands that do both).

You could maybe make now that only worked for USB storage devices and only allowed reading, but it would likely be complex and have other downsides (lack of performance and compatability issues probably) that would make it not worth it.


This would basically be a packet-inspecting firewall for USB instead of IP. I agree that this would pose a number of technical challanges as a lot of the tools and optimizations we have in IP stacks don't exist for USB, but I don't see how that would be principally impossible.

In fact, as there is a lot more standardization in USB profiles than in IP protocols, it might even be easier. I.e. if you just inspected messages of the mass storage profile and blocked everything else, you might already get pretty far. I agree that the performance problem would stay though.


I don't think you could make a IP firewall that enforced read-only either, at least not in a general case.


You'd have to have knowledge of what protocol was being spoken. Otherwise, you don't know of if a packet going back the "wrong" direction is a control mechanism (request for data, flow control, etc) or data itself. In terms of ethernet, you could possibly do UDP, but you lose any sort of error handling or flow control.


Honestly the Wired quote is a much better summary and gets right to the point.

"Many public locations now offer USB charging stations, but it's a trivial task to modify one of these to allow an attacker to access your data. Int3.cc's device cuts off access to the data transfer pins on the USB port, while still permitting access to the power supply."

Way too many words on that page before just getting to the damned point.


It's worth noting that this is unnecessary for iOS devices, where plugging your device into an unknown USB port prompts you to either "trust" or "not trust" the computer in question (with "not trust" disabling data transfer).


Do you trust your "trust" and "not trust" settings? Are you sure that there are no backdoors in there, or bugs that could still lead to device getting hacked?


Do you trust your (USB) condom?


Honestly? No. There's a bit too much electronics in that one for my taste. I'd happily trust the one designs of which I audited, and board I soldered myself. But until I get over to doing this, I'll be stuck with just cutting data wires.

EDIT: I retract that. From what I can tell, it's just three SMT resistors on that board. So it seems fine to me.


knowing how well apple does embedded security, there's probably a vulnerability that'll allow bypass of that feature - it's just a matter of how long you want to invest in finding it.


what embedded security screwups has Apple had? (Not asking because I don't believe you, rather because I can't think of any)


Most iOS jailbreaks have required a USB connection, so it seems the USB port was/is an attack surface. I haven't looked at the individual exploits used in each jailbreak, though.

And this is a more "embedded" example: http://www.tomshardware.com/news/Apple-Lightning-Cable-Hacke...


It's been a while since I looked at it, but they were often used to get the phone into DFU mode and upload data that way. Seeing as DFU mode requires the phone itself to be rebooted, you'd likely notice what was going on unless you left it unattended.


Mobile USB charging ports (as found in airports etc) are more of a gimmick than anything else. A shoddy one will easily damage your device, and if you're constantly plugging into different ones, that seems like just a matter of time. Plus, an unknown one will most likely just put out 500mA (slower charging), and USB A connectors aren't made for high insertion cycles so expect flaky connections. Plus you still have to carry the bulkiest part (the cable) so you still need kit.

I personally just carry a three way AC power splitter cube while traveling, which gives me enough ports for laptop+phone+whomever I ask to share with.


ChargeDefense's website is live and we are taking pre-orders. We have our Juice-Jack Defender (500mA) for $12 and our Juice-Jack Defender Turbo (1A) for $15. We have volume prices and can do customized case with your company colors and company logos. ChargeDefense also had a array of other products, wall charges, battery pack, and cables. We will start shipping orders out this month. Please visit our website for more information.


In terms of a protective cover/case, maybe there is a cheap, everyday item or container it would fit into nicely. I put pen springs around all of my cable heads.


I feel someone should point out that the iPhone charger uses the data lines to basically ask for the available amperage, and charger faster if the charger is "iPhone compatible". So something like this will still work for iPhone but it will force it to charge much slower then it would otherwise.

> https://learn.adafruit.com/minty-boost/icharging


Seems like you can already get similar stuff elsewhere for cheaper and with a little plastic around the PCB: http://smile.amazon.com/PortaPow-Fast-Charge-Blackberry-Char...


Exactly, and for just $6.99

Not adding the plastic is being lazy.


We resell something similar, from DFRobot: http://www.robotmesh.com/usb-power-detector

One of the ports has the data lines connected, the other port doesn't, so it could be used as a USB condom.


I wonder if it would be possible to use a similar system to make a usb hard disk read-only. This would make it easy to avoid malicious computers transferring pesky autoexec.inf files and things like that.


I use a $10 usb 'lipstick' battery for the same thing - it charges itself and the phone, no data. Plus I get a free battery to charge my phone when there isn't an outlet available...


Had hoped from the title the product would be a way to switch a USB drive from read/write to enforced read-only mode to protect from malware on unknown hosts. Would be a nice product in itself.


I'd pay more for something like a "smart usb condom" which does allow data but only just for power negotiation, so that my devices can still negotiate for higher power when available.


$10 is expensive for such simple electronics! I understand that the price of the first piece is the highest, but if this gets mass-produced I think the price can easily drop to something like $1.


That assumes a massive number of people want this. As it is only geeks understand the risk and even fewer want/need to protect from it.


Be sure to check out http://int3.cc/ Ridley's community project, and watch his talks if you haven't seen those.


I can't help but wonder if we'll see USB condoms that help to protect against spying through EM/power draw changes, i.e. to spy on decryption activities.


If I can get a flash drive for $10 I should be able to get this for <$5. I'll wait until the novelty wears off and get it for $1 from china, on Ebay.


Couldn't a person just cut the green and white wires in their charging cable if they were concerned about this?


If you're going to carry this around why not just carry a wall charger instead?


Oh...I thought this was a...um...

Never mind.


:0 ok it's another sht


Did no one else get that it's a joke?


Is it a joke? IMO the name is bad and would put me off using it in professional/business situations, but everything else about the project seems serious to me.




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: