Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

FBI Warns Against Using Public USB Ports Due to Malware Risk

sorgo said:
Could Lockdown Mode potentially/theoretically protect against such an attack?
Click to expand...
It will reduce the risk, but the FBI is giving general advice in part to simplify and in part to protect people who will give permission anyway without understanding.

You're still relying on the device to properly restrict data access, and more than likely bad actors are going to go after the low hanging fruit instead of trying to bypass these restrictions, but in theory, the risk remains.

I'll also point out that you're dealing with other unknowns as well. Is the USB port a good power supply or has it been damaged/vandalized. Is there gum or something worse in the port?

If you need to take the risk, it's one thing, and then restrict data access. However, it's a good idea to bring your own power adapter with you instead.
 
  • Like
Reactions: Mescagnus, JapanApple, KaliYoni and 1 other person
I usually bring my own charge-brick + cable. The only place I've found that to be a problem is on aircraft where sometimes the only power is a USB socket. I wonder how many of these have been compromised to inject malware? In any case, a power-only dongle or using my own external battery, as others have mentioned, should generally work.
 
  • Like
Reactions: JapanApple
PortaPow Data Blocker


redTwin.jpg
 
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.
  • Like
Reactions: System603, riverfreak and Huck
Mousse said:
There is a simple solution. Get a USB cable that only has the power and ground cables. Done and done.
Click to expand...
The challenge here, however, is that no-one want to carry both cables. That said, I very rarely ever sync via a cable these days - it's all in iCloud.
 
  • Like
Reactions: JapanApple
Well this should offset,and more, the “environmental benefits” of Apple not including chargers in their boxes anymore.
 
  • Love
  • Haha
Reactions: Huck and psxp
MacRumors said:
Bad actors have learned to use public USB ports to "introduce malware and monitoring software onto devices," the FBI said. When out in public, users should bring their own charger and USB cord, using an electrical outlet for charging purposes instead of a public USB port.
Click to expand...
Yeah. The FBI was probably working with said "bad actors" to propagate the malware....then the bad actors turned on them lol.
 
  • Haha
  • Disagree
  • Like
Reactions: George Dawes, FCX, ericwn and 4 others
Good on the FBI for making the warning public, but this is also pretty much common sense for the average tech-savvy person. Hopefully this gets the message out to the less-savvy folks.

Just like you wouldn’t put an unknown USB flash drive into your machine, you shouldn’t just go plugging your device into any random USB port. Not to mention you’d almost certainly get faster charging speeds using a public power outlet with the right wall adapter…
 
  • Like
Reactions: arkitect and PinkyMacGodess
MacRumors said:


The United States Federal Bureau of Investigation (FBI) last week warned users to stay away from public USB ports due to malware risks. On Twitter, the Denver FBI office (via CNBC) said that public charging stations in hotels, airports, and shopping centers can be a malware attack vector.

lightning-connector-feature.jpg

Bad actors have learned to use public USB ports to "introduce malware and monitoring software onto devices," the FBI said. When out in public, users should bring their own charger and USB cord, using an electrical outlet for charging purposes instead of a public USB port.

Apple's iPhones and Macs have a USB security feature that prevents the Lightning port from being used for data transfer purposes when it has been more than an hour since the device was unlocked, but this does not prevent malware installation if you are actively using your device and connect to a public port.


If a public USB port is used to transfer malware to a computer, tablet, or smartphone, hackers can gain access to sensitive data on the device, siphoning usernames and passwords, hijacking email, stealing money from online accounts, and more.

The only way to stay safe is to use your own USB cable to charge in public spaces, which effectively prevents this potential method of attack.

The FBI has a similar warning on its website, noting that people should not use free charging stations. The FBI also warns against using public Wi-Fi for sensitive transactions, opening suspicious documents, using the same password for all accounts, and clicking unsolicited links in text messages and emails.

Article Link: FBI Warns Against Using Public USB Ports Due to Malware Risk
Click to expand...

Basically, people hack themselves! Happens all the time. 'Tech support asked me for my password, and now I can't login!' Only one of many stupid human tricks regarding technology.

I told my mom 'There is less than zero reason for tech support to EVER ask for your password!' Then one day she came up to me with a funny look on her face. She had a call from a number she didn't recognize and it was 'Microsoft tech support' asking for her password. She told them she wanted to talk to 'Bill', to make sure this was legit. Bill who? Bill Gates! Then she told them to 'eff off' and hung up. I was so proud...
 
  • Like
  • Love
Reactions: JunBringer, wyrdness, gusmula and 3 others
Good lord. I knew the screeching would commence as soon as I read FBI. They try to give the public a warning and the blood pressure goes up and the tin foil hats come out. I can hear the angry keyboard pecking from here.

In all seriousness, I'd be interested in hearing more about the malware and exploitation to mobile devices.
 
  • Like
  • Haha
  • Disagree
Reactions: wyrdness, gusmula, b17777 and 7 others
The Incendiary said:
Good on the FBI for making the warning public, but this is also pretty much common sense for the average tech-savvy person. Hopefully this gets the message out to the less-savvy folks.

Just like you wouldn’t put an unknown USB flash drive into your machine, you shouldn’t just go plugging your device into any random USB port. Not to mention you’d almost certainly get faster charging speeds using a public power outlet with the right wall adapter…
Click to expand...

HAH! At a concert, a 'band' was giving out USB sticks with their latest album on it. I asked them if they thought people would be that stupid, and they said 'Why?'. Um, because HACKING?!?! I took one, and plugged it in at work, using a 'public' computer there. It scanned okay, and did have some MP3's on it, but yeah, it could just as easily had nasty things on it too. :rolleyes: I did tell them they could have saved money and just given out CD's or even cards with a QR code for a Dropbox account.
 
BGPL said:
Good lord. I knew the screeching would commence as soon as I read FBI. They try to give the public a warning and the blood pressure goes up and the tin foil hats come out. I can hear the angry keyboard pecking from here.

In all seriousness, I'd be interested in hearing more about the malware and exploitation to mobile devices.
Click to expand...

They should send these warnings out on a quarterly basis. And, yeah, people will totally ignore their warnings and possibly pay a price for it. A friend's mom had her bank account drained due to hacking. She got it back somehow, but the friend was sure freaked out...
 
Why are you not using a brick and wall outlet? Why are you charging anywhere but in your hotel room or vehicle between? How are you burning through an entire battery on a flight? Take a book or something, sheesh.
 
The Trust This Device” doesn’t give me much confidence.

I have a new M2 MBA, and new iPhone SE3, and the cable that came with the phone.

Near every time I connect the cable I get this message. But sometimes I don’t. There seems to be no pattern.

As I see it, if my matched set of Apple gear can’t tell or remember what is to be trusted, it probably is not very good in the other direction either.

Given this, unless and until Apple has a solid solution here, I’d prefer to get this message all the time.

I’d also like an Apple adaptor to put between a) USB and cable, b) cable and device, or c) both, that would transfer power only.
 
  • Like
Reactions: sound
BGPL said:
Good lord. I knew the screeching would commence as soon as I read FBI. They try to give the public a warning and the blood pressure goes up and the tin foil hats come out. I can hear the angry keyboard pecking from here.

In all seriousness, I'd be interested in hearing more about the malware and exploitation to mobile devices.
Click to expand...

Same. "Figured out how to use charging stations" is vague. What exactly are they doing? How are they getting data into the charging station?
 
To be fair I’m completely with the lightning port. I never connect my iPhone to a computer for data transfer - only ever use the port for charging and that’s it. The implementation of USB-C will have no impact on me, other then being able to use the same cable as my iPad.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back