Pretty sure this was added to iOS 7. It’s a relatively simple feature, and I don’t think there been any vulnerabilities discovered
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
FBI Warns Against Using Public USB Ports Due to Malware Risk
- Thread starter MacRumors
- Start date
- Sort by reaction score
The puck is too clunky for travel.
I’m talking about a little 1 cm long in-line adaptor with
a) Lightning in and out,
and for newer devices,
b) C in and out.
I know there are other brands already going this but I don’t trust them.
The United States Federal Bureau of Investigation (FBI) last week warned users to stay away from public USB ports due to malware risks. On Twitter, the Denver FBI office (via CNBC) said that public charging stations in hotels, airports, and shopping centers can be a malware attack vector.
Bad actors have learned to use public USB ports to "introduce malware and monitoring software onto devices," the FBI said. When out in public, users should bring their own charger and USB cord, using an electrical outlet for charging purposes instead of a public USB port.
Apple's iPhones and Macs have a USB security feature that prevents the Lightning port from being used for data transfer purposes when it has been more than an hour since the device was unlocked, but this does not prevent malware installation if you are actively using your device and connect to a public port.
If a public USB port is used to transfer malware to a computer, tablet, or smartphone, hackers can gain access to sensitive data on the device, siphoning usernames and passwords, hijacking email, stealing money from online accounts, and more.
The only way to stay safe is to use your own USB cable to charge in public spaces, which effectively prevents this potential method of attack.
The FBI has a similar warning on its website, noting that people should not use free charging stations. The FBI also warns against using public Wi-Fi for sensitive transactions, opening suspicious documents, using the same password for all accounts, and clicking unsolicited links in text messages and emails.
Article Link: FBI Warns Against Using Public USB Ports Due to Malware Risk
I have never used a public charging spot. That always looked...wrong.
I would use it to charge a power-bank, but not a phone.
If I am low on battery (or even out) - so be it. People used to get by without a phone before they existed.
I wasn’t implying to use Qi2 now. Just regular wireless charging now. I just added that it ten years it may not matter so much because Qi2 may become so prevalent out there, and charge quite quickly as to be acceptable to most.
Well, airplanes for obvious reasons don't have standard wall plugs, only USB ports, and those are just as susceptible to attacks. Whether it is practical, however, is another matter.
Bruh. Government has way more ways to monitor you than you can even imagine. Heck, imagine the government mandates mass installation of spyware. Remember, they can change the law.
I think the concern is buying a 30000 mAh battery for only $30. One can only imagine the quality of battery cells they put in and god knows if they have any level of serious tests for those power banks.
I would argue that the people least aware of attack vectors are the ones who update because their iPhone nags them to.
Actually, some airplanes DO have standard wall plugs. I was on a flight last year that had one on the seat back. Who knows how much power it was actually offering, but it was enough to fully charge my iPhone in no time.
I send my users the fbi page on business email compromise all the time. It does help to be able to say “it’s not me making this up, look here the fbi says it.”
Is it me, or does this seem like bad advice? If the malware injection hardware is on the USB port side, using your own USB cable wouldn't prevent anything, right?
This should probably be updated to say USB charger and cable.
Believe it or not that doesn't answer my question. Who the crap is on their device for 19 hours straight? As I said, take a book. Take a nap. Get off your screen.
If it's SO EASY to "infect" my phone by plugging in a USB cable, then WHY THE HELL have we been dealing with the "Trust this Computer" prompt every time I plug in my phone???
10 years ago or so? First and only one I had been too where people, legit people, were handing out anything. I've been to way more shows where people were handing out CDs and DVDs. Like a Pink Floyd show where the Australian Floyd group was handing out CDs. Apparently real Floyd was okay with it, and Aussie Floyd are pretty darn good.
The way I've heard it is that some Android devices will charge slower, or not at all if there isn't a data connection. It seems a bizarre requirement, especially now with connections injecting nastiness and slurping data. Another reason I'm glad to not own a Droid device. Just say no...
Last edited:
On an Apple device. Not all devices are so capable of blocking things or tattling on attempts to exploit the OS. It's a possibility, so I definitely avoid it where ever possible, and having gotten rental cars with full contact/address books, I'm positive that either people are that stupid to click 'HELL YES' to a prompt from the head unit to slurp their data, or their device doesn't notify them of the attack.
Bring your own USB cable and it seems problem solved.
And my mom always said 'Don't name it after me' with lots of laughter. She did have a strange sense of humor. 🤷🏻♂️
I seem to remember a company that came out with a 'computer condom' as a joke, and their motto was 'Practice safe hex'. I think their motto kind of fell flat with people that didn't get it, and I'd think MANY people didn't get it. I thought it was funny.
But using some OSes, any website that you go to could infect/inject your system. I mean, it's not like *every* site you go to will, but the 'low rent' sites are to be avoided. One client was a devotee of certain ideological websites and his system was always getting hammered. I talked to him, and lower management did too. I ended up putting him on a public address and outside their network. He didn't need access, and it worked out well. I rebuilt his system every few months (usually about quarterly) and he was happy. Stepped up internal security JIC. Weird place. *shrug*
Last edited:
Depends on the fee? Most airline charge $10 for basic charging, but $12 for non-spy charging, which seems like a good deal, until you read the fine print, and see the connection try fee, of $2, which is why they won't switch to USB-C, every time you try to plug into a USB-A port the wrong direction you get charged another $2.
Or use a public charger to charge your power brick since it is a dumb device, and charge/run your device from it.
If you live in the U.S., then there’s no competition for this stuff due to tariffs and bans. In that case you might think $30 is cheap when in fact it’s well above production costs for a quality bank.
How much do you think a 100Whr pack costs? Look up the BOM of an iPhone 12 Pro Max. The fancy L-shaped battery itself costs $6.
You can find plenty of teardowns of Xiaomi banks. They use standard ATL batteries, same supplier as Apple.
Every flight I’ve been on for the last decade has had a standard power receptacle under the seat. But I only fly international.
I never use the USB ports due to poor power and voltage regulation. Plugging in your own adapter is best.
But is it/are they 'dumb'?
Many (most?) cables have a small amount of memory in them, I read, that might be able to be hacked. Many cables were hacked. It's not a place where it's easy to write things to, but there was a proof of concept 'tool' that allowed people to write to that space. That's how e-cigs and other things are hacked too. Some came out of China ready to charge, and infect whatever they were plugged in to that could be infected. Don't plug anything suspect into anything you own that is intelligent and that you value. If it's important, keep it safe. Someone asked me if there was a 100% safe computer. Well, there is. It's in a locked room with no network access and limited to a certain number of people. Preferably one. It also has no ports, etc... Obviously not very usable in today's standards except possibly for playing games? And then no updates...
Like in healthcare, and dating, Be Safe, Be Educated...