1. Forum
  2. USENET
  3. nz.comp

  • Malicious USB Interfaces In Airports

    From Lawrence D'Oliveiro@ldo@nz.invalid to comp.misc,nz.comp on Fri Jun 7 04:02:13 2024
    From Newsgroup: nz.comp

    Seems there have been cases of crims hijacking USB charging outlets in
    airports to connect special devices that can pwn your mobile device <https://www.nzherald.co.nz/travel/news/airport-passengers-warned-of-phone-charging-scams/RGBS35ORBVBUDJIVO466TIFNAQ/>.

    When I was in Hong Kong Airport a few years ago, it was very hard for
    me to find a mains outlet to charge my laptop. Just about all the
    ports built into the public seating areas were USB ones, for
    phones/tablets.

    It is possible to get USB cables that only connect the power wires for charging, without enabling data transfer. Alternatively, here <https://github.com/robertfisk/USG/wiki> is a USB rCLfirewallrCY-type
    device that tries to protect you from malicious devices. If you donrCOt
    want to build your own, thererCOs a link in the readme to buy NZ-made
    ones.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From yeti@yeti@tilde.institute to comp.misc,nz.comp on Fri Jun 7 06:03:10 2024
    From Newsgroup: nz.comp

    Maybe better only charge powerbanks on untrusted outlets and then later
    charge your phone with them. That adds the benefit that power glitches
    may only kill the powerbank and not the phone.
    --
    I do not bite, I just want to play.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Ralph Fox@-rf-nz-@-.invalid to nz.comp on Fri Jun 7 17:35:48 2024
    From Newsgroup: nz.comp

    On Fri, 7 Jun 2024 04:02:13 -0000 (UTC), Lawrence D'Oliveiro wrote:

    Seems there have been cases of crims hijacking USB charging outlets in airports to connect special devices that can pwn your mobile device <https://www.nzherald.co.nz/travel/news/airport-passengers-warned-of-phone-charging-scams/RGBS35ORBVBUDJIVO466TIFNAQ/>.

    When I was in Hong Kong Airport a few years ago, it was very hard for
    me to find a mains outlet to charge my laptop. Just about all the
    ports built into the public seating areas were USB ones, for
    phones/tablets.

    It is possible to get USB cables that only connect the power wires for charging, without enabling data transfer. Alternatively, here <https://github.com/robertfisk/USG/wiki> is a USB rCLfirewallrCY-type
    device that tries to protect you from malicious devices. If you donrCOt
    want to build your own, thererCOs a link in the readme to buy NZ-made
    ones.

    For charging my phone at the airport, a USB data blocker gives complete security for a tenth the price of that NZD $79.00 rCLfirewallrCY-type device.

    <https://www.aliexpress.com/item/1005005162014091.html>
    <https://www.aliexpress.com/item/1005007101835777.html>

    <https://www.temu.com/nz/usb-data-blocker-protects-data-with-plug-and-play-usb-converter-head-g-601099557440405.html>


    Also, are there any *independent* tests of that $79.00 rCLUSGrCY rCLfirewallrCY-type
    device?
    --
    Kind regards
    Ralph Fox
    Efae

    The greatest talkers are always the least doers.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Andy Burns@usenet@andyburns.uk to comp.misc,nz.comp on Fri Jun 7 09:07:12 2024
    From Newsgroup: nz.comp

    Lawrence D'Oliveiro wrote:

    It is possible to get USB cables that only connect the power wires for charging, without enabling data transfer. Alternatively, here <https://github.com/robertfisk/USG/wiki> is a USB rCLfirewallrCY-type
    device that tries to protect you from malicious devices.

    See also "USB condom"
    <https://www.usbcompany.co.uk/accessories/usb-condom>

    Not so simple with type-C and PD
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From scott@scott@alfter.diespammersdie.us (Scott Alfter) to comp.misc,nz.comp on Fri Jun 7 14:12:23 2024
    From Newsgroup: nz.comp

    In article <lcftdfFlf5sU1@mid.individual.net>,
    Andy Burns <usenet@andyburns.uk> wrote:
    Lawrence D'Oliveiro wrote:

    It is possible to get USB cables that only connect the power wires for
    charging, without enabling data transfer. Alternatively, here
    <https://github.com/robertfisk/USG/wiki> is a USB "firewall"-type
    device that tries to protect you from malicious devices.

    See also "USB condom"
    <https://www.usbcompany.co.uk/accessories/usb-condom>

    Not so simple with type-C and PD

    This one's worked reasonably well for me:

    https://amzn.to/3xaZQ2r

    I suspect it blocks PD negotiation for higher power levels, but if all
    you're charging is a phone, it should fall back to at least 5V 2.4-3A charging of some sort. (My current phone doesn't support PD anyway...it uses
    something called "Warp Charge" that is unlikely to be supported by any
    public charger.)

    (Your newsreader is inserting CRs at the ends of lines, BTW...might want to
    fix that.)
    --
    _/_
    / v \ Scott Alfter (remove the obvious to send mail)
    (IIGS( https://alfter.us/ Top-posting!
    \_^_/ >What's the most annoying thing on Usenet? --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Ralph Fox@-rf-nz-@-.invalid to nz.comp on Sat Jun 8 08:29:16 2024
    From Newsgroup: nz.comp

    On Fri, 07 Jun 2024 14:12:23 GMT, Scott Alfter wrote:

    (Your newsreader is inserting CRs at the ends of lines, BTW...might want to fix that.)

    I see CRLF at the ends of lines in Andy Burns' message. Both in the
    raw message and in the base64-decoded text. I checked Andy's message
    on two different news servers.

    CRLF is the correct, standard on-the-wire format.
    --
    Kind regards
    Ralph Fox
    Efae

    A man must plow with such oxen as he hath.
    --- Synchronet 3.21d-Linux NewsLink 1.2