Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
You are assuming everyone is up to date with their iOS versions. There are new vulnerabilities found and patched all the time. You can never be too "safe".
Pretty sure this was added to iOS 7. It’s a relatively simple feature, and I don’t think there been any vulnerabilities discovered
 
Apple’s got you covered. Just put them between USB and the device. They even include the cord:


iPad owners are out of luck though.
The puck is too clunky for travel.

I’m talking about a little 1 cm long in-line adaptor with
a) Lightning in and out,
and for newer devices,
b) C in and out.

I know there are other brands already going this but I don’t trust them.
 


The United States Federal Bureau of Investigation (FBI) last week warned users to stay away from public USB ports due to malware risks. On Twitter, the Denver FBI office (via CNBC) said that public charging stations in hotels, airports, and shopping centers can be a malware attack vector.

lightning-connector-feature-blue.jpg

Bad actors have learned to use public USB ports to "introduce malware and monitoring software onto devices," the FBI said. When out in public, users should bring their own charger and USB cord, using an electrical outlet for charging purposes instead of a public USB port.

Apple's iPhones and Macs have a USB security feature that prevents the Lightning port from being used for data transfer purposes when it has been more than an hour since the device was unlocked, but this does not prevent malware installation if you are actively using your device and connect to a public port.


If a public USB port is used to transfer malware to a computer, tablet, or smartphone, hackers can gain access to sensitive data on the device, siphoning usernames and passwords, hijacking email, stealing money from online accounts, and more.

The only way to stay safe is to use your own USB cable to charge in public spaces, which effectively prevents this potential method of attack.

The FBI has a similar warning on its website, noting that people should not use free charging stations. The FBI also warns against using public Wi-Fi for sensitive transactions, opening suspicious documents, using the same password for all accounts, and clicking unsolicited links in text messages and emails.

Article Link: FBI Warns Against Using Public USB Ports Due to Malware Risk


I have never used a public charging spot. That always looked...wrong.

I would use it to charge a power-bank, but not a phone.

If I am low on battery (or even out) - so be it. People used to get by without a phone before they existed.
 
BUT, Qi2 not here yet and 10 years is a rather long time. Really!
I wasn’t implying to use Qi2 now. Just regular wireless charging now. I just added that it ten years it may not matter so much because Qi2 may become so prevalent out there, and charge quite quickly as to be acceptable to most.
 
Now if you have a power bank you can continue charging on the plane assuming the plane has no plugs (ahem Southwest), but my point is if you can access a wall plug, do so first.
Well, airplanes for obvious reasons don't have standard wall plugs, only USB ports, and those are just as susceptible to attacks. Whether it is practical, however, is another matter.
Now you're catching on! One of the reasons for the USB-C mandate was to make government spying easier!
Bruh. Government has way more ways to monitor you than you can even imagine. Heck, imagine the government mandates mass installation of spyware. Remember, they can change the law.
You're right, my battery is spying on me right now. Better axe it in half!
I think the concern is buying a 30000 mAh battery for only $30. One can only imagine the quality of battery cells they put in and god knows if they have any level of serious tests for those power banks.
 
  • Like
Reactions: compwiz1202
You are assuming everyone is up to date with their iOS versions. There are new vulnerabilities found and patched all the time. You can never be too "safe".
I would argue that the people least aware of attack vectors are the ones who update because their iPhone nags them to.
 
Well, airplanes for obvious reasons don't have standard wall plugs, only USB ports, and those are just as susceptible to attacks.
Actually, some airplanes DO have standard wall plugs. I was on a flight last year that had one on the seat back. Who knows how much power it was actually offering, but it was enough to fully charge my iPhone in no time.
 
I feel like this is something that's been known in tech circles for years..

I've been trying to explain this to my customers, family, and friends for years now..

Maybe they'll actually pay attention to this?

Probably not, but it can't hurt.

I send my users the fbi page on business email compromise all the time. It does help to be able to say “it’s not me making this up, look here the fbi says it.”
 
The only way to stay safe is to use your own USB cable to charge in public spaces, which effectively prevents this potential method of attack.
Is it me, or does this seem like bad advice? If the malware injection hardware is on the USB port side, using your own USB cable wouldn't prevent anything, right?

This should probably be updated to say USB charger and cable.
 
What year was this? Until maybe the last several years this was somewhat commonplace, I’d think

10 years ago or so? First and only one I had been too where people, legit people, were handing out anything. I've been to way more shows where people were handing out CDs and DVDs. Like a Pink Floyd show where the Australian Floyd group was handing out CDs. Apparently real Floyd was okay with it, and Aussie Floyd are pretty darn good.
 
And enjoy rhe slowest charging speed possible, at least if i understand the requirements for pd/fas charging tight,. It seams you need a data cinnection to get anything abowe 30 ma, but I'm no expert so do feel free to correct e if I'm wrong. Allso since this is an Apple related site, does this work for apple devices, won't the malware in question need to bevsigned to run at all ( well at least on iphones/ioads). Oh well this was a general warning from the FBI an the gen publuc is ratherlimited when it comes to info sec so the mitght just have wanted to make the message as simple as possible, att on a goid dise if cluckbate titel writing and.....

The way I've heard it is that some Android devices will charge slower, or not at all if there isn't a data connection. It seems a bizarre requirement, especially now with connections injecting nastiness and slurping data. Another reason I'm glad to not own a Droid device. Just say no...
 
Last edited:
They are very unlikely to actively try to attack the plugged in device with exploits. They won’t be able to access anything unless given permission.

On an Apple device. Not all devices are so capable of blocking things or tattling on attempts to exploit the OS. It's a possibility, so I definitely avoid it where ever possible, and having gotten rental cars with full contact/address books, I'm positive that either people are that stupid to click 'HELL YES' to a prompt from the head unit to slurp their data, or their device doesn't notify them of the attack.
 
Dad always said be careful where you stick it.

And my mom always said 'Don't name it after me' with lots of laughter. She did have a strange sense of humor. 🤷🏻‍♂️

I seem to remember a company that came out with a 'computer condom' as a joke, and their motto was 'Practice safe hex'. I think their motto kind of fell flat with people that didn't get it, and I'd think MANY people didn't get it. I thought it was funny.

But using some OSes, any website that you go to could infect/inject your system. I mean, it's not like *every* site you go to will, but the 'low rent' sites are to be avoided. One client was a devotee of certain ideological websites and his system was always getting hammered. I talked to him, and lower management did too. I ended up putting him on a public address and outside their network. He didn't need access, and it worked out well. I rebuilt his system every few months (usually about quarterly) and he was happy. Stepped up internal security JIC. Weird place. *shrug*
 
Last edited:
  • Haha
Reactions: philcourage
Are airplane USB ports safe? Or just as risky as ports elsewhere?
Depends on the fee? Most airline charge $10 for basic charging, but $12 for non-spy charging, which seems like a good deal, until you read the fine print, and see the connection try fee, of $2, which is why they won't switch to USB-C, every time you try to plug into a USB-A port the wrong direction you get charged another $2.
 
I think the concern is buying a 30000 mAh battery for only $30. One can only imagine the quality of battery cells they put in and god knows if they have any level of serious tests for those power banks.

If you live in the U.S., then there’s no competition for this stuff due to tariffs and bans. In that case you might think $30 is cheap when in fact it’s well above production costs for a quality bank.

How much do you think a 100Whr pack costs? Look up the BOM of an iPhone 12 Pro Max. The fancy L-shaped battery itself costs $6.

You can find plenty of teardowns of Xiaomi banks. They use standard ATL batteries, same supplier as Apple.
 
Well, airplanes for obvious reasons don't have standard wall plugs, only USB ports, and those are just as susceptible to attacks. Whether it is practical, however, is another matter.

Every flight I’ve been on for the last decade has had a standard power receptacle under the seat. But I only fly international.

I never use the USB ports due to poor power and voltage regulation. Plugging in your own adapter is best.
 
Depends on the fee? Most airline charge $10 for basic charging, but $12 for non-spy charging, which seems like a good deal, until you read the fine print, and see the connection try fee, of $2, which is why they won't switch to USB-C, every time you try to plug into a USB-A port the wrong direction you get charged another $2.
I'd be so bankrupt if that were true about USB-A :D
 
Or use a public charger to charge your power brick since it is a dumb device, and charge/run your device from it.

But is it/are they 'dumb'?

Many (most?) cables have a small amount of memory in them, I read, that might be able to be hacked. Many cables were hacked. It's not a place where it's easy to write things to, but there was a proof of concept 'tool' that allowed people to write to that space. That's how e-cigs and other things are hacked too. Some came out of China ready to charge, and infect whatever they were plugged in to that could be infected. Don't plug anything suspect into anything you own that is intelligent and that you value. If it's important, keep it safe. Someone asked me if there was a 100% safe computer. Well, there is. It's in a locked room with no network access and limited to a certain number of people. Preferably one. It also has no ports, etc... Obviously not very usable in today's standards except possibly for playing games? And then no updates...

Like in healthcare, and dating, Be Safe, Be Educated...
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.