Google+ How Safe Are Public Charging Stations? by MATTHEW HUGHES ~ High Tech House Calls
Expert Computer Consulting for Homes and Small Businesses

Let there be hope...

Life has changed there is no doubt and we wanted to reach out to see how you are doing.

As we go through this interesting time, we are trying to look at this as an opportunity to focus on our family and on friends like you. Let us use this extra time to catch up and talk more. Let us cook food that is not fast, but interesting and satisfying. Let us learn to enjoy a time to try new things. Let us find ways to enjoy time at home!

Computer Security

If my client base is any experience, anyone can be a victim of a Ransomware, Malware or Virus attack.

What can you do about it?

I conduct audits of your entire computer infrastructure and apply best practice solutions to plug the security holes on your computers, Smartphones and networks.

Now offering consultations to give you the best protection possible:


404.229.0839
carlthorne@hthcatlanta.com

Jack of All Trades, Master of Many

Jack of All Trades, and Master of Many

We provide technical support for:


Homes and small businesses

Windows and the Mac OS platform

iPhones and Android Smartphones

Wireless and wired networks

New device setup

Old device upgrade or repair

One-on-one training

Remote assistance


How To Stop Malware

Thursday, October 31, 2019

How Safe Are Public Charging Stations? by MATTHEW HUGHES

These days, airports, fast-food restaurants, and even buses have USB charging stations. But are these public ports safe? If you use one, could your phone or tablet be hacked? We checked it out!

Some Experts Have Sounded the Alarm

Some experts think you should be concerned if you’ve used a public USB charging station. Earlier this year, researchers from IBM’s elite penetration testing team, X-Force Red, issued dire warnings about the risks associated with public charging stations.
“Plugging into a public USB port is kind of like finding a toothbrush on the side of the road and deciding to stick it in your mouth,” said Caleb Barlow, the vice president of threat intelligence at X-Force Red. “You have no idea where that thing has been.”
Barlow points out that USB ports don’t merely convey power, they also transfer data between devices.
Modern devices put you in control. They aren’t supposed to accept data from a USB port without your permission—that’s why the “Trust This Computer?” prompt exists on iPhones. However, a security hole offers a way around this protection. That’s not true if you simply plug a trusted power brick into a standard electrical port. With a public USB port, though, you rely on a connection that can carry data.
With a bit of technological cunning, it’s possible to weaponize a USB port and push malware to a connected phone. This is particularly true if the device runs Android or an older version of iOS, and therefore, is behind on its security updates.
It all sounds scary, but are these warnings based on real-life concerns? I dug deeper to find out.

From Theory to Practice


A hand plugging a USB cord into a charging port on the back of an airline seat.
VTT Studio/Shutterstock

So, are USB-based attacks against mobile devices purely theoretical? The answer is an unambiguous no.
Security researchers have long regarded charging stations as a potential attack vector. In 2011, veteran infosec journalist, Brian Krebs, even coined the term “juice jacking” to describe exploits that take advantage of it. As mobile devices have inched toward mass-adoption, many researchers have focused on this one facet.
In 2011, the Wall of Sheep, a fringe event at the Defcon security conference, deployed charging booths that, when used, created a pop-up on the device that warned about the dangers of plugging into untrusted devices.
Two years later, at the Blackhat USA event, researchers from Georgia Tech demonstrated a tool that could masquerade as a charging station and install malware on a device running the then-latest version of iOS.
I could continue, but you get the idea. The most pertinent question is whether the discovery of “Juice Jacking” has translated into real-world attacks. This is where things get a bit murky.

Understanding the Risk

Despite “juice jacking” being a popular area of focus for security researchers, there are scarcely any documented examples of attackers weaponizing the approach. Most of the media coverage focuses on proofs-of-concept from researchers who work for institutions, like universities and information security firms. Most likely, this is because it’s inherently difficult to weaponize a public charging station.
To hack a public charging station, the attacker would have to obtain specific hardware (such as a miniature computer to deploy malware) and install it without getting caught. Try doing that in a busy international airport, where passengers are under intense scrutiny, and security confiscates tools, like screwdrivers, at check-in. The cost and risk make juice jacking fundamentally ill-suited for attacks aimed at the general public.
There’s also the argument that these attacks are relatively inefficient. They can only infect devices that are plugged into a charging socket. Furthermore, they often rely on security holes that mobile operating system manufacturers, like Apple and Google, regularly patch.
Realistically, if a hacker tampers with a public charging station, it’s likely part of a targeted attack against a high-value individual, not a commuter who needs to nab a few battery percentage points on her way to work.

Safety First


USB charging cables at a public charging station in a park.
galsand/Shutterstock

It’s not the intent of this article to downplay the security risks posed by mobile devices. Smartphones are sometimes used to spread malware. There have also been cases of phones being infected while connected to a computer that harbors malicious software.
In a 2016 Reuters article, Mikko Hypponen, who is effectively the public face of F-Secure, described a particularly pernicious strain of Android malware that impacted a European aircraft manufacturer.
“Hypponen said he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit,” the article stated.
“Because the plane runs a different operating system, nothing would befall it. But it would pass the virus on to other devices that plugged into the charger.”
You buy home insurance not because you expect your house to burn down, but because you have to plan for the worst-case scenario. Similarly, you should take sensible precautions when you use computer charging stations. Whenever possible, use a standard wall socket, rather than a USB port. Otherwise, consider charging a portable battery, rather than your device. You can also connect a portable battery and charge your phone from it as it charges. In other words, whenever possible, avoid connecting your phone directly to any public USB ports.
Even though there’s little documented risk, it’s always better to be safe than sorry. As a general rule, avoid plugging your stuff into USB ports you don’t trust.