A Defensive Computing Checklist    by Michael Horowitz
NOTE: I gave a presentation on Defensive Computing at the HOPE conference in July 2022
HOME | Full Site Index | Domain Names | VPNs | iOS | Android | About | Rules of the Road | DC Presentation |

EXTRA CREDIT

JUICE JACKING

USB cables normally carry both data and electricity. Data can be a problem, as it is an avenue through which a device can be attacked. The attack is called Juice Jacking (maybe Juice-Jacking) and the potential danger was first raised back in 2011. There are multiple defenses (see below) but the most commonly suggested defense is a USB cable that only does power. These cables go by multiple names: Power-Only cables, Charge-Only cables, USB Data Blockers or a USB condom.

  1. This excellent article USB Data Blocker Teardown (Aug 2020) explains three different types of USB data blockers.
  2. For an intro see How to Protect Yourself From Public USB Charging Ports by Chris Hoffman for How To Geek. August 2018.
  3. Protect your data with a USB condom by Adrian Kingsley-Hughes for ZDNet. April 11, 2023. With two different popular types of USB ports, you may need multiple USB condoms: There are: USB-A-to-USB-A, USB-A-to-USB-C, and USB-C-to-USB-C.
  4. Adafruit makes the PortaPow USB condom
  5. SyncStop also sells USB cables/adapters that only do power.

There are a number of other defenses too:

  1. Obvious: Rather using a public USB cable, plug into an electric outlet with your own cable and adapter
  2. Obvious: Use your own portable charger/battery
  3. Get a charge in your car, if possible
  4. If you are desperate, Brian Krebs suggests that a phone is much safer if its powered off. This from his April 14, 2023 article: Why is 'Juice Jacking' Suddenly Back in the News?

The Krebs article was one a number of articles in April 2023 that asked just how likely such an attack is. It was probably the best. Another was: Actually, Charging Your Phone in a Public USB Port Is Fine by Heather Tal Murphy for Slate. April 13, 2023. Despite the click bait headline, the article does recommend using a USB condom. It is mostly a takedown of how the tech press works. It says there are no known instances of a phone being hacked due to plugging into a public USB port. Still, this assumes that installing malware on a phone is the only danger and ignores the issue of files that might be visible over the data connection - files that can be copied and thus leave no trace on the phone. The article also says that new Android and iPhones ask whether you want to share data or charge only when they plug into a USB port that is set up to capture data. Of course, a victim can answer the question wrong. And, the articles does not not define "new" so its not clear when this feature was added.

 

 This page: 5 views per day (over 45 days)   Total views: 203   Created: April 13, 2023
This Page
Last Updated

April 16, 2023
Site Page
Views TOTAL

 613,780
Site Page
Views TODAY

  150
Previous
Website View

1.2 minutes ago
Website by
Michael Horowitz
@defensivecomput
top
Copyright 2019 - 2023