Plugging random ports is risky: use a (USB) condom to say safe
Plugging your smartphone into random USB ports to get a charge is a great way to pick up a nasty piece of malware, or get data siphoned from the device. One US security company is offering a solution to those looking for a quick plug.
Having a wild USB port in the desert of an airport, convention center, or train station can be a blessing for someone with a gadget on its last battery bar. But this oasis of energy can have its own set of risks: rarely will a user know much about the port they are plugging and it could transfer more than just power.
As a USB port is primarily designed to transfer data, any device connected to it runs the risk of having malware uploaded to it or data being siphoned from it. At Krebs on Security, security researcher and journalist Brian Krebs describes a proof-of-concept juicejacking attack demonstrated at DefCon:
“We’d been talking about how dangerous these charging stations could be. Most smartphones are configured to just connect and dump off data,” Markus said. “Anyone who had an inclination to could put a system inside of one of these kiosks that when someone connects their phone can suck down all of the photos and data, or write malware to the device.”
To make their charging station more attractive to passersby, Markus and his pals equipped it with a variety of charging cables to fit the most popular wireless devices. When no device was connected, the LCD screen fitted into the charging station displayed a blue image with the words “Free Cell Phone Charging Kiosk.” The screen switched to a red warning sign when users plugged in any devices. The warning message read:
“You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!”
But now there’s a defense against these malicious ports: a USB condom. Created by Int3.cc, an American security consultancy and embedded developer, this device acts as a condom like barrier between port and smartphone blocking the data ports but allowing power to flow freely through.
The device should go on sale early this week, but there’s no price listed yet on Int3.cc’s website. Reportedly the company is waiting for the first batch of devices to arrive from the factory.