Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
FBI Warns Against Using Public USB Ports Due to Malware Risk
- Thread starter MacRumors
- Start date
- Sort by reaction score
There is a well know phrase for the last decade or so “USB glory hole”. The end game is the same. If you go poking your USB things in any old hole you’re going to catch something.
The fun things though are the fake HID devices (rubber ducky). Your random USB device can identify as a keyboard and inject key presses the moment you plug it in. Start -> run -> powershell-> download malware from CnC server -> run. Game over.
The fun things though are the fake HID devices (rubber ducky). Your random USB device can identify as a keyboard and inject key presses the moment you plug it in. Start -> run -> powershell-> download malware from CnC server -> run. Game over.
So we need condoms for our phones when using a public USB receptacle?
I wouldn’t be worried about this on an iPhone at all… other devices? Yeah maybe wouldn't use those ports.
No matter, because the USBs at the airport never work anyway. They are only there to suggest convenience and modernity.
No matter, because the USBs at the airport never work anyway. They are only there to suggest convenience and modernity.
What year was this? Until maybe the last several years this was somewhat commonplace, I’d thinkHAH! At a concert, a 'band' was giving out USB sticks with their latest album on it. I asked them if they thought people would be that stupid, and they said 'Why?'. Um, because HACKING?!?! I took one, and plugged it in at work, using a 'public' computer there. It scanned okay, and did have some MP3's on it, but yeah, it could just as easily had nasty things on it too.I did tell them they could have saved money and just given out CD's or even cards with a QR code for a Dropbox account.
And enjoy rhe slowest charging speed possible, at least if i understand the requirements for pd/fas charging tight,. It seams you need a data cinnection to get anything abowe 30 ma, but I'm no expert so do feel free to correct e if I'm wrong. Allso since this is an Apple related site, does this work for apple devices, won't the malware in question need to bevsigned to run at all ( well at least on iphones/ioads). Oh well this was a general warning from the FBI an the gen publuc is ratherlimited when it comes to info sec so the mitght just have wanted to make the message as simple as possible, att on a goid dise if cluckbate titel writing and.....
Last edited:
The article is incorrect. According to Apple, you must "Trust" a device you connect to via cable to have it "do stuff". So with an Apple device you're safe unless you "trust" something.
I've been using this cable for years whenever I travel:
eshop.macsales.com
Unfortunately, it looks like OWC no longer makes it. But maybe there are similar cables from other makers.
NewerTech 1.0 Meter (39") Sync Switch USB Extension... at MacSales.com
NWTCBLUSBCS1M 1.0 Meter (39") NewerTech Sync Switch USB Extension Cable with charge/sync on/off switch. Extend the length of your USB Cable + control use for Charging only or Power & Sync with a simple switch. Protects your Data! 1 Year NewerTech Limited Warranty.
eshop.macsales.com
Unfortunately, it looks like OWC no longer makes it. But maybe there are similar cables from other makers.
Actually you need those wires and pins. Without them you are only getting 5W of charging speed bc the phone cannot "negotiate" with the AC adapter
You are assuming everyone is up to date with their iOS versions. There are new vulnerabilities found and patched all the time. You can never be too "safe".
BUT, Qi2 not here yet and 10 years is a rather long time. Really!
Why even use public power ports? If you're smart enough to bring a cable, you can bring a brick. Most USB ports are severely underpowered, with many still delivering only 500mA of power. Very few if any USB Type A ports will deliver 2A or 2.4A that Apple devices can accept. It simply doesn't happen. If you want to charge quickly, particularly now Type C PPS chargers exist, bring your own brick and get fast charging on your devices. I have almost never found USB ports to be useful except in cars where it's a quick setup for CarPlay/Android Auto.
There are already similar emerging attack vectors with public EV chargers. These will become common as autonomous and semi-autonomous EVs become common. For example, those EVs will require HD maps, whose files are so big that it makes sense to download them over Wi-Fi at chargers than over public 5G while driving. That's an ideal time to slip in malware.
Been thinking about this a bit and return with some more thoughts.
I think Apple’s cut off of usb access only if phone is locked an hour may be worse than useless for most use cases. It’s really kind of dangerous because it’s rather an edge case solution without a main case companion solution.
I mostly use the usb to charge and rarely for data transfer.
I’d much rather have usb signal be off by default and have to be manually turned on either via a pop up each time but preferably by a switch in control center. Also an icon in dynamic island or next to mobile or Wi-Fi meters.
Unless apple is doing something different that’s it apparent, they are not only not doing enough but they are doing the wrong thing.
I think Apple’s cut off of usb access only if phone is locked an hour may be worse than useless for most use cases. It’s really kind of dangerous because it’s rather an edge case solution without a main case companion solution.
I mostly use the usb to charge and rarely for data transfer.
I’d much rather have usb signal be off by default and have to be manually turned on either via a pop up each time but preferably by a switch in control center. Also an icon in dynamic island or next to mobile or Wi-Fi meters.
Unless apple is doing something different that’s it apparent, they are not only not doing enough but they are doing the wrong thing.
For everyone suggesting a powerbank: consider that you could infect the powerbank with malware which could in turn attack your device. A powerbank is not just a battery with a usb port, it is certainly capable of having malware. So you have to keep your powerbank charged from safe sources as well.
On the reverse side of that is says "Made in China... where all of your blocked data is transmitted for safe keeping"...
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.
Probably all of them. There is a long history of intelligence services bugging commercial aircraft. A classic example:
Les unsporting gits! French spies BUGGED Concorde passengers
Ex-RAF security bloke: Would have been dead easy even with 60s tech
If my iphone displays: "Trust this computer" after plugging into my battery pack, I would be very surprised - to say the least.
Good advice. People with malicious intent could connect those usb ports to anything and pass it off as a public charger. If you're traveling, get a power bank that could can carry around with you.