Safeguard Your Devices and Data with These Must-Know USB Precautions in Public Spaces! | SNM Consulting
By Aruneesh Salhotra / May 19, 2023
Have you ever found a USB cable left in a public place (such as a coffee shop or airport) unclaimed and had the urge of taking it along or otherwise to be dumped? Sounds familiar? Read on. Welcome to the world of “USB drop attack”. A malicious actor will leave a USB cable in a public place to trick someone into plugging it into their device. The cable may be disguised to look like a normal cable or may be labeled with a message designed to entice someone to use it (such as “free charging cable”).
Associated Risks using USB Charging at public charging stations
- Malware or viruses: Public charging stations can be prime targets for hackers who may upload malicious software onto the charging station. Once you connect your device to the charging station, the malware can infect your device.
- Data theft: Public charging stations can also be used to steal data from your device. This is known as “juice jacking”. A hacker can install a small device inside the charging station which can access your phone’s data.
- Physical damage: Cheap or poorly maintained charging stations may deliver too much power to your device, which can cause physical damage to your battery or other components.
- Power surge: Power surges can occur if there is a sudden increase in voltage or current. This can happen if the charging station is damaged or poorly maintained. A power surge can cause physical damage to your device and potentially even start a fire.
Examples from security findings and research
- In 2014, a security researcher named Joe Grand demonstrated how a Chinese-made USB cable could be modified to include a hidden wireless access point and a backdoor that would allow an attacker to remotely control a device. The cable looked identical to a normal USB cable and could easily be used to compromise a device without the user’s knowledge.
- In 2016, a security researcher at the Black Hat security conference demonstrated how a charging cable could be modified to inject malware into an iPhone.
- Similarly, in 2017, researchers from the security firm Hacker House demonstrated how a Chinese-made lightning cable (designed for Apple devices) could be modified to allow an attacker to remotely access a device and install malware.
- In 2018, a cybersecurity company called Kaspersky Lab discovered a type of malware called “MosaicReg” that was designed to infect point-of-sale systems through USB charging cables.
- In 2019, a security researcher discovered a charging cable that had been modified to include a hidden Wi-Fi hotspot and a keylogger, which could be used to steal passwords and other sensitive information.
What you can/should do
To minimize exposure to such risks, it is important to
- Only use charging stations from reputable sources
- Avoid using USB charging cables provided by the charging station, instead use your cable.
- Keep an eye on your device while the device is being charged.
- Use charging cables instead of data cables.
- Consider using a portable battery pack to avoid using public charging stations.
