Do you have adblock enabled?
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Krebs On Security)   If you're not using a phone charging condom you're charging with all the phones your power source has ever charged with. That slut   (krebsonsecurity.com) divider line 21
    More: Interesting, GUI, power sources, USB, data transfer, rogue security software  
•       •       •

2209 clicks; posted to Geek » on 18 Jun 2014 at 4:12 PM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



21 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest
 
2014-06-18 02:08:53 PM  
imageshack.com

Cut D+ and D-.
 
2014-06-18 04:18:10 PM  

Tr0mBoNe: [imageshack.com image 700x400]

Cut D+ and D-.


OR buy a box of cheap Chinese cables that do no include data...
 
2014-06-18 04:23:56 PM  
Piizzadude:
OR buy a box of cheap Chinese cables that do no include data...

Watch out for spyware.
 
2014-06-18 04:25:47 PM  
It's taken three years for this to come out? That's a cheap ass product that should be the size of a quarter, sold on infomercials for $14.95 + an unspoken amount of S&H, and come with a three year guarantee you won't be chargejacked while using this product or three hundred times your money back.

Okay, time goblins, I've put it out there. Let's see if you can have that in the mix of commercials by tonight, between the expanding hose I was using before it was invented and the pressure oven I was going to rip from the 1930 issue of Popular Mechanics.
 
2014-06-18 04:34:06 PM  
How vulnerable are non-iPhones? Don't Android devices need to be in debug mode to side load anything? And Windows Phones don't allow you to side load jack when it comes to software - the only thing you can touch are some media and document folders.
 
2014-06-18 04:38:02 PM  

Mad_Radhu: How vulnerable are non-iPhones? Don't Android devices need to be in debug mode to side load anything? And Windows Phones don't allow you to side load jack when it comes to software - the only thing you can touch are some media and document folders.

Someone might see my penis selfies
 
2014-06-18 04:45:59 PM  
Juice-jacking.

* snert *
 
2014-06-18 04:49:38 PM  
Honestly, I don't see this being a big problem.
 
2014-06-18 05:01:56 PM  
This should be implemented in the device being charged. Always default to charge-only. You should have to answer a prompt before exposing any data.
 
2014-06-18 05:23:41 PM  
Juice-jacking as a threat probably first crept into the collective paranoia of gadget geeks in the summer of 2011, after I wrote a story about two researchers at the DefCon hacker convention in Vegas who'd set up a mobile charging station designed to educate the unwary to the fact that many mobile devices (particularly Apple devices) are set up to connect to a computer and immediately sync data.

The jackass Krebs defending not mentioning iOS 7 blocking data automatically is pretty hilarious.
 
2014-06-18 05:49:22 PM  

Tr0mBoNe: [imageshack.com image 700x400]

Cut D+ and D-.


Phones and chargers use those lines to control the charging current (following several incompatible standards, of course) so you can't just cut them and expect it to work.
 
2014-06-18 05:51:00 PM  

Tobin_Lam: Juice-jacking as a threat probably first crept into the collective paranoia of gadget geeks in the summer of 2011, after I wrote a story about two researchers at the DefCon hacker convention in Vegas who'd set up a mobile charging station designed to educate the unwary to the fact that many mobile devices (particularly Apple devices) are set up to connect to a computer and immediately sync data.

The jackass Krebs defending not mentioning iOS 7 blocking data automatically is pretty hilarious.


It's the Windows autoplay bug all over again.
 
2014-06-18 06:01:42 PM  
Get a usb power bank, charge it then use it to charge your phone, added benefit you now have much longer cell life.
 
2014-06-18 06:10:50 PM  
Ummm my iPhone asks me if i want to trust this device, if i plug it into a computer to charge it, surely the same would apply if someone was slurping from a public charging port....

As far as i'm aware until you press trust, it doesn't transmit any data...and if you press don't trust it just reverts to normal charging mode.
 
2014-06-18 06:12:57 PM  

moel: Ummm my iPhone asks me if i want to trust this device, if i plug it into a computer to charge it, surely the same would apply if someone was slurping from a public charging port....

As far as i'm aware until you press trust, it doesn't transmit any data...and if you press don't trust it just reverts to normal charging mode.


You'd think someone that makes a living on "in-depth reporting" would have mentioned that.
 
2014-06-18 06:15:36 PM  

Tr0mBoNe: [imageshack.com image 700x400]

Cut D+ and D-.


Apple devices and Windows phones won't charge without those cables. The devices in the article get around that.
 
2014-06-18 07:47:26 PM  
Ivo Shandor:

Tr0mBoNe:

Cut D+ and D-.

Phones and chargers use those lines to control the charging current (following several incompatible standards, of course) so you can't just cut them and expect it to work.


Citation on that? If that were true, you wouldn't be able to charge a phone by plugging it into your computer's USB port, since there would be no driver governing (nor any hardware means) to regulate the charging current coming through the port.

Devices handle their own charging. They have their own current limiters and temperature sensors, charge profiling etc. Hook them up to any +5v power and they handle the rest. I can guarantee you can go to any dollar store or cheap phone accessory kiosk at the mall and find charging cables with 2 wires.

Or look up "altoids box charger." I built one once without the box... A 9v battery snap, an LM7805, a female USB-A pigtail and some wire and electrical tape. It worked just fine with my Windows phone of the time, although it did have a tendency to burn your fingers if you picked it up in operation.
 
2014-06-18 08:03:36 PM  
Tobin_Lam:

Tr0mBoNe: [imageshack.com image 700x400]

Cut D+ and D-.

Apple devices and Windows phones won't charge without those cables. The devices in the article get around that.


See my above post. I can't speak for Apple, their cable seems to be complex mostly because they throw in things like analog audio and stuff to interface with multimedia systems (which takes the load off of accessory developers, and allows third parties to build speaker docks for $5,) but so far as charging have charging cables that plug into USB, and for that purpose all they need is +5v and ground.

I'm going with Tr0mBoNe on this one, except to add you can find functional charging cables for just about any phone that don't even include *the wires* for D+ and D- cheap just about anywhere.
 
2014-06-18 08:12:07 PM  

maxheck: Tobin_Lam:

Tr0mBoNe: [imageshack.com image 700x400]

Cut D+ and D-.

Apple devices and Windows phones won't charge without those cables. The devices in the article get around that.

See my above post. I can't speak for Apple, their cable seems to be complex mostly because they throw in things like analog audio and stuff to interface with multimedia systems (which takes the load off of accessory developers, and allows third parties to build speaker docks for $5,) but so far as charging have charging cables that plug into USB, and for that purpose all they need is +5v and ground.

I'm going with Tr0mBoNe on this one, except to add you can find functional charging cables for just about any phone that don't even include *the wires* for D+ and D- cheap just about anywhere.


I was just going off one of the reps in the thread that said they originally tried just leaving out the data wires but they didn't work.
 
2014-06-18 08:12:20 PM  

maxheck: Citation on that?


One example. There's some old info about the Apple method here. You are correct that the actual charge regulation is performed by the device, but devices aren't allowed to draw more current than the host is willing to provide. If they can't communicate with the host or detect that they're plugged into a charging port, they're not supposed to draw more than 100mA (although many vendors ignore the standards).
 
2014-06-18 08:34:30 PM  
Ivo Shandor:

maxheck: Citation on that?

One example. There's some old info about the Apple method here. You are correct that the actual charge regulation is performed by the device, but devices aren't allowed to draw more current than the host is willing to provide. If they can't communicate with the host or detect that they're plugged into a charging port, they're not supposed to draw more than 100mA (although many vendors ignore the standards).


Huh... Never really delved into that part of USB, so thanks. But it still seems a somewhat silly way to do it, in that it basically cripples the dumbest and most useful chargers (wall warts, car chargers and CPU USB ports) down to 100ma in favor of "smart" chargers that probably can't even deliver more than 100ma.

Then again, this is the industry that comes up with a different connector to deliver 5v-center postitive" for every vendor's phone. It's almost as if they wanted to lock you into their particular hardware.

I've seen this in laptop chargers. They're all 17-19v center-positive. But everyone has a different plug, and HP / Compaq and Dell have added a third terminal to make sure they're talking to genuine HP / Compaq chargers.

/ spits on the ground.
 
Displayed 21 of 21 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »
Advertisement
On Twitter






In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report