6

I've asked the question Power-only USB connection to charge my phone - as simple as cutting the data lines? in electronics SE. In order to bypass the "Why do you want to do this?" request for clarification, I explained. Here is the first paragraph:

In a pinch I bought a $3 "phone recharger" from the bin shown below, but now I am too scared to connect it directly to my phone, which costs orders of magnitude more. While a poor design could present undesirable qualities to the 5V power output, I have no idea if there's something inside connected to the data lines - part of the 21st century USB angst that has many people saying "not in my USB port you don't". See this security SE answer for some background on USB angst.

I was repeatedly scolded in comments for wanting to be careful, e.g.

And what are you afraid of from the charger? What's it going to do? Tell your wife you've been looking at porn sites?

However there was some clarification:

You've also misunderstood the linked question on Security SE. Those plug in to a USB host and do nasty things to them by pretending to be a different type of device. Your charger is the host in this case, and so can't present itself as any other device to your phone. It could (maybe) implement a host and install drivers (on itself) for the USB devices your phone presents, but it would have to be set up for a particular type of phone.

I'd be more worried about it damaging my phone than about some nebulous "security" problems. I repeat: What do you think it is going to do? Be more concerned about what Facebook, Candy Crush, random programs from the Play Store are spying on you than some piece of hardware that has no way to make use of any info it gets from you.


Question: I understand that buying random $3 phone chargers from a bin is foolish, and then having to ask about cutting the data lines in a USB cable is probably further evidence of this, but Android or iOS, is it safe to be picking one of these up and immediately connecting it to my phone? If it had an "extra chip" inside and it was preconfigured for a given OS, could it then do something that would raise issues of security?

$3 USB chargers in a bin

uhoh
  • 1
    This is my first question here. If I've included too much background information here, let me know, or just go ahead and edit. Help with tags also appreciated. – uhoh Aug 16 '17 at 17:23
  • 2
    Anything is possible based on individual imagination. But first, you must prove that you can trigger a data connection bypass that wouldn't trigger the phone operating system that didn't pop up data connection confirmation. – mootmoot Aug 16 '17 at 17:26

3 Answers

5

Oh yeah, those comments you quoted seem to me to be woefully ignorant (and rather disrespectful since you have a legitimate question).

Welcome to the world of tin-foil-hattery!

Your fear that the battery pack may be more than a battery pack seems perfectly reasonable to me.

The comment is of course correct that the direction is reversed relative to the traditional BadUSB attack: USB Stick --> PC vs USB Power Pack <-- Phone, so your phone will not automatically install drivers supplied by the device. So BadUSB doesn't apply directly, but that by no means rules out the possibility of it exploiting a buffer overflow or similar vuln on the phone's USB packet parser.

It seems perfectly reasonable to me that the USB power pack could have a chip that exploits some unknown and unpatched vulnerability in the Android or iOS USB drivers (aka "a 0-day attack") potentially leading to full compromise of your phone. With both OSes trying to get increasing functionality out of that USB port, there's bound to be new code in their USB stacks, and as with all new code, there's bound to be some 0-days floating around.


As for mitigation

Apply the same reasoning you'd apply to plugging a USB stick into your PC: if you don't trust the device, don't connect it. Don't buy devices from dubious manufacturers, and always buy electronics in person rather than online for mail-delivery since the NSA has a proven history of doing this (and if the NSA is doing it, then they're surely not the only ones).

The NSA Actually Intercepted Packages to Put Backdoors in Electronics

Mike Ounsworth
  • Eh, you can use the "there might be a 0-day" argument to claim that pretty much anything is insecure. (E.g. For all you know, your DNS resolver might have a 0-day and merely attempting to resolve security.stackexchange.com right now could cause you to get pwned.) I think if you want to claim there's a significant security risk associated with this you'll need to use a much stronger argument than that. – Ajedi32 Aug 17 '17 at 17:06
  • @Ajedi32 I think that's exactly my point. Claiming "you misunderstood the attack --> the attack doesn't apply --> this system is secure" is a bogus argument 100% of the time. That said, we have to trust something, so I choose to trust stuff that's been around for a while. – Mike Ounsworth Aug 17 '17 at 17:08
2

Removing the data pins from the USB plugs should be enough. Better yet, just buy a syncstop.

http://syncstop.com/

You could have one plugged into whatever device you charge your battery from and then another from the battery to your phone. Only power being passed that way.

You can also make them, just search for "make USB condom" online.

Joshua Gimer
0

It may be wise to see if there is any activity on the USB device by using Wireshark with the USBPcap, if supported on your system. They have it as an option on install. If you have any USB-Devices with suspicious behaviour, this is a great way to get some traffic from it.

  • What USB drive? The question is about USB chargers. The way they work, your phone appears as a USB drive to the charger, not the other way around. Though I suppose you could find a Male<-->Male USB cable (or a laptop with a female microUSB port) to see if there is any data traffic from the charger. – Mike Ounsworth Aug 17 '17 at 17:11
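
The capture check suggested in the last answer, as an added example that is not part of the original thread: a small parser that reads a USBPcap capture and reports, per bus and device address, how many packets and payload bytes moved in each direction, so unexpected data activity from something that should only draw power stands out. It assumes the capture was saved in classic little-endian pcap format (not pcapng); the sample capture and the `_record` helper are constructed for illustration.

```python
import struct

LINKTYPE_USBPCAP = 249  # pcap link type written by USBPcap
TRANSFER = {0: "isochronous", 1: "interrupt", 2: "control", 3: "bulk"}
# Packed little-endian USBPcap packet header: headerLen, irpId, status, function,
# info, bus, device, endpoint, transfer, dataLength (27 bytes; control adds a stage byte).
USBPCAP_HDR = struct.Struct("<HQIHBHHBBI")

def summarize_usbpcap(pcap: bytes) -> dict:
    """Return {(bus, device, transfer, direction): [packets, payload_bytes]}."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    if linktype != LINKTYPE_USBPCAP:
        raise ValueError(f"link type {linktype} is not USBPcap")
    stats, off = {}, 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        record = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(record) < USBPCAP_HDR.size:
            continue  # truncated record, skip it
        _, _, _, _, _, bus, dev, ep, xfer, data_len = USBPCAP_HDR.unpack_from(record)
        key = (bus, dev, TRANSFER.get(xfer, f"type {xfer}"), "IN" if ep & 0x80 else "OUT")
        entry = stats.setdefault(key, [0, 0])
        entry[0] += 1
        entry[1] += data_len
    return stats

def _record(bus, dev, ep, xfer, payload):
    """Build one constructed pcap record (test data, not a real capture)."""
    extra = b"\x00" if xfer == 2 else b""  # control transfers carry a stage byte
    hdr = USBPCAP_HDR.pack(USBPCAP_HDR.size + len(extra), 1, 0, 0, 1,
                           bus, dev, ep, xfer, len(payload)) + extra
    body = hdr + payload
    return struct.pack("<IIII", 0, 0, len(body), len(body)) + body

# Constructed sample: device 3 answers a descriptor request and then sends
# interrupt data; device 4 only receives one bulk transfer.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_USBPCAP) + b"".join([
    _record(1, 3, 0x80, 2, bytes(18)),
    _record(1, 3, 0x81, 1, bytes(8)),
    _record(1, 3, 0x81, 1, bytes(8)),
    _record(1, 4, 0x02, 3, bytes(512)),
])

if __name__ == "__main__":
    for key, (packets, nbytes) in sorted(summarize_usbpcap(SAMPLE).items()):
        print(key, packets, "packets", nbytes, "bytes")
```

IN means data travelling from the device to the capturing host, so a device address that shows IN traffic is exchanging data rather than only drawing power.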