Friday, December 4, 2015

Practice Safe Charging, redux



Many portable devices can be charged via a USB cable, which is incredibly convenient given the ubiquity of USB slots in computers, cars, airport charging kiosks, and electronic equipment. The USB cables used to charge mobile devices are also capable of transferring data and programs, both legitimately and maliciously.

Miscreants can compromise a USB port in a public place, in an attack known as "juice jacking." The attacker either replaces the USB port or installs malicious software on the device that contains the port; when you plug your phone or tablet in to charge, you get an unwelcome bonus of having your device taken over by the attacker.

Juice jacking is easy to prevent, though. I carry a special power-only cable (readily available for $5 or $10 from Amazon, or most stores with a well-stocked electronics department). This cable is missing the physical wires used for transferring data, so it can only be used to deliver power. An easy alternative is a universal charge-only adapter. This is a simple USB adapter that connects to the end of any USB cable; it too is missing the physical wires that carry data, so it turns any cable into a charge-only cable.

Bob Covello writes of a different concern, especially in hospitals and medical facilities. A growing number of medical devices have USB ports, used by technicians to maintain the equipment, and used by medical professionals to transfer data and update medical instructions. These ports are a tempting source of power to a patient or visitor.

Plugging your device into medical equipment for a quick charge, though, could have unintended consequences. These devices are often keeping patients alive, or are used in medical emergencies. Plugging a phone or tablet in could damage the equipment or infect it with malware, meaning the device may not work as expected the next time a medical professional uses it.

The best tip? Keep a charging adapter handy and plug into the AC outlet in the wall.

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen