Are Public USB Chargers Dangerous?
HTML-код
- Опубликовано: 1 июн 2024
- Unify and simplify your PC components! Check out Corsair’s iCUE Link Smart Ecosystem at lmg.gg/CorsairiCUELink
Is "juice jacking" at airports, hotels, and other public places a real threat?
Leave a reply with your requests for future episodes.
► GET MERCH: lttstore.com
► LTX 2023 TICKETS AVAILABLE NOW: lmg.gg/ltx23
► GET EXCLUSIVE CONTENT ON FLOATPLANE: lmg.gg/lttfloatplane
► SPONSORS, AFFILIATES, AND PARTNERS: lmg.gg/partners
FOLLOW US ELSEWHERE
---------------------------------------------------
Twitter: / linustech
Facebook: / linustech
Instagram: / linustech
TikTok: / linustech
Twitch: / linustech - Наука
Juice jacking is real. I once tried to charge my phone at an airport and someone stole my Capri Sun.
This... Just made my day, thank you.
n-no, not the capri sun! No! NOOOOOOOOOOOOO!
Capri sun isn't even real juice
@@C4Ti0 thank you for your input honey
HAHAHAHAHA
Actually, I bring power banks because most public charging points (or electrical outlets) at airports are broken, inconvenient, or both.
And if they do work they are usually slow and/or out of date. Public spaces should provide power outlets not USB ports.
I always bring a 20Ah powerbank with me and charge them at public USB (and maybe charge the phone via PB at the same time). So there's no way to hack a phone that way.
But mostly I don't use them at all becouse they're usually very slow and inconvinient (if they're work at all)
and usb c is much faster and i have a power bank with me anyway
Or there are Like two of them in the entire Airport and Always hogged
Yeah here in metro / trams there are USB power sockets but there's always a risk of hacking when usb has data wires too and also on each station it gets turn off and gets turn on after metro starts so frequent charging and discharging
And that's why i tend to have a lot of powerbanks. And use public USB chargers to charge powerbanks instead of my phone.
But what if they hack your powerbanks and use it to gain access to your phone once you plug it in?!
@@Argylleagenpowerbanks dont even have a way to transfer data, not even an OS or anything
@@nov1st /woooooooosh
@@superblaster01 how tf is it a joke, the comment seems more like actual stupidity than a joke
Actually I just bring a nuclear reactor with me. That way, I can power my portable phone, laptop, oven, microwave, and house
most likely if we saw an attack like this in the wild, it would target specific popular older devices that aren't patched. it's not all *that* difficult to look up old CVEs and write software to take advantage of them; the CVE itself usually explains exactly how the attack would work. the big problem is the range of devices and how different they all are. so it's very possible that this method could be used as a vector for attacking older or unpatched iphones or samsung devices, as these are both fairly popular targets and there are plenty of people running them on old firmware versions. the biggest challenge would probably be not getting caught screwing with public chargers, but this isn't an insurmountable challenge either.
Most public chargers are only used in a pinch anyway. Many people prefer power banks because public charging outlets are usually on the old standard where it's limited to 1.4a per usb connection and, if multiple people are using the charging outlets, you can be throttled to even less power because it has a power supply that can supply power that's less than the possible full demand of all the connections.
@@ianbelletti6241 Yah, if I know I might be somewhere long enough for charging to be an issue, I'll bring my own charger that I can plug into any old outlet. ...And/or charge my phone in my car on the way there.
More concerned about the port frying my devices, this could be someone simply acting out of malice, or even just a faulty port (are hotels really going to go for the most expensive ports with lots of protection?).
Surely that's not possible? USB cables can only throughput so much charge. If a port were to overload it would just kill the port, not the device.
@@BassLiberatorsever heard of the USB killer?
USB has fuses on both ends. USB killers are specially designed repeated high voltage burst attacks and wouldn't occur from a faulty charger.
The only thing hackers would achieve is a loss of reputation of whatever business had the charging port, I'd be much more worried about your phone getting stolen or something.
you could also use a usb data blocker which physically has no connections to the data pins, or you could make a cable serving the same function by cutting through the data wires
Isn't the downside that the device then cannot request faster charging?
@@K-o-R I doubt that some public usb charging port will offer fast charging
i have those squid cables with micro usb, usb c and lightning it charge fast even though no data
It's called a USB condom
One of the things my GF always tells me on the bus is that they're not power-surge-protected, and that a ton of people have experienced battery issues after charging their phone on the bus. That's the main issue that I have, and it's often overlooked. I never hear this point being brought up in any of these kinds of videos.
We get it, you have a GF
@@WillyJunior lol? I'm mentioning my GF as she used to work in a phone repair shop and repair said phones
@@loyalorange503 I APOLOGIZE GOOD SIR. Have a great day 💖
If something is potentially dangerous then you should always treat it like it is dangerous, taking the precautions to make it as safe as possible.
The problem with that theory is that everything is "potentially" dangerous. Risk assessment should be done, but sometimes you just to roll the dice and less dangerous things
@@firesliver7 My approach doesn't preclude doing risky things, it just promotes taking reasonable steps to mitigate the risk. Helmets for bicycles, a weapon for home defence, excess supplies when camping, a USB protector when plugging into public ports, that sort of thing.
Well going out to the street is potentionally dangerous.
And the manufacturers have already taken the precautions. That's why phones don't allow data transmission over USB without explicit permission from the user. Despite this blowing up in the media recently, there has still never been even a single case of this exploit in the wild.
What's really telling about this, is that you have law enforcement agencies warning people that their phones will be hacked if they plug into a public charger for even a moment, while at the same time lamenting that they can't break into phones in their labs with dedicated equipment and weeks or months of time when searching for evidence. Those two statements are completely contradictory!
"Someone with one very specific model of phone would have to plug into their charging station."
Which is incredibly easy to anticipate if it's an iPhone.
Technically possible yes, but someone would have to be either very stupid or desperate to waste such a good exploit on this.
Also considering the many variants of fast charging out there, taking your own cable + brick seems like the best solution
Also while technically possible, there are no confirmed instances of this actually happening.
If you're really worried about this... I insist that USB data isolators (or whatever you call them), power banks and all connectors should be in transparent cases. Otherwise, we cannot know for sure what is inside them.
Lol that won't help much. You can hide basically anything in cables and circuitry
Years ago, while going through a contentious divorce, my phone was imaged by a data forensics service as part of discovery. It was a then new Pixel model and proved a bit tricky to do because it had a habit of rebooting in response to the attempts
Get a charge-only USB cable?
But if you use a charge only USB cord (for Android) you're safe
Blue Raspberry 😂 I get that
Thanks for the explanation! The easiest way to not get "juice jacked", is to use power banks or to use a "power only-USB-cable", the added benefit, they are most times cheaper than normal ones (to check if your USB cable is "power only" try plugging your phone with the cable into a trusted device that can read/write data (PC for example), if it can't be "connected" due to the cable, you could be more certain that its a "power-only-USB-cable"). (A power-only-USB-cable is a cable that has only the power wiring of the USB-port, when there are no physical data connection wires.)
No, the easiest way not to get "juice jacked", is exactly as they show in this video, to use public USB chargers as normal, and simply not go through the hoops of enabling USB data on your phone. As he says in the video, no attack has ever been seen in the wild, because it's completely impractical, and because phones are hardened against exactly this type of attack.
this comment is stolen
Or you can use cables that only have leads for power, at the expense of a slower charging. Anyway, I always carry some beefy powerbanks
3:10 this is an example of a very sophisticated attack, i mean look at those Wingdings.
Not as dangerous as... public wifi
This comment is sponsored by Nord VPN
You know what a public wifi is right? It's line a wifi... only its public. 😏
Another option you can use if you're paranoid is to get a "USB condom", a special adaptor that plugs onto your phone's syncing cable that blocks data signals but allows power to pass through. You can also buy charging only cables for lightning and USB-C you can use over the regulator sync cable for your phone.
Alternatively, you can carry a USB cable with no data contacts on it
3:53 this shot is art.
Love the early 90s throwback: "All Your Data Are Belong To Us"
Yessss. Loved that reference
Thanks for the video!
03:54 that shot of Linus is priceless hahahahah
3:51 that specific high value target xD
I'll give you a tip to avoid data transfer. Buy a long (8t or more) very cheap cable, like dollar store cheap. Those are physically incapable of data transfer, you can test it by trying to connect it to your pc, nothing happens.
Top tier tip: if you want a charge-only cable: buy a charge only cable! What a life hack xD
love that specific value target bit XD
Use it to charge your charger. You can also use a charge-only cable with no data line, kind of a hassle though.
But what if they hack my charger?!?
@@SF2K01 The newer ones with intelligence built-in are a worry. Especially if it has a Ras-Pi in it. For travel, use the old-school type that just has a battery and basic circuitry. That's actually the only type I have. If I need volt/amp readings, I use a multimeter, which can be used for many other things.
When I hear the term juice jacking, I always think of the Lunk Alarm at Planet Fitness for some reason. 😅
not to mention your sponsor directly, but they sparked the idea;
Can you do a short circuit on the eco systems for RGB/fans like corsairs ICUE? there's a lot out there and some have interoperability with others/ without. I feel LMG would be able to explain it well for the average person that wants to:
A: spend extra to make their PC look ballin/sound silent.
B: not spend extra, extra to have multiple controllers to control each ECO system.
C: know the actual performance hit for the software involved.
I know C has been done several years ago on this channel to some degree. However with labs needing to earn its pay(lol), and many of the software suites involved having matured(in theory). current performance metrics deserve a recap. As I recall, some were super bad, but may be more/less impacted by modern/older hardware.
It could easily be a video series redone every couple years. "visual PC systems" or some such. Its a very seldom covered topic I believe you all could do well; thanks in advance.
PS. I have a friend who spent less than 700$ on core system components, but bought all Noctua shiz for sound.. There's a lot of people who spend the money for "nice to haves" instead of maxing out raw power... that's why i buy mac laptops. Don't make fun of me. but here's some anecdotes for why this video idea matters.
PPS. I spent more time editing this comment than writing it.
After all this time editing this, I still did not capitalize the first word of the whole thing :(
With most modern processors now having so much more performance compared to their previous gen (especially on desktop) i think it shouldn't be that hard to keep this app in the background. I mean there's a lot of people who just kept the browser open and then went to play a game and that is still fine too. As for nice to haves, well they are nice to haves, if they like RGB they can decorate their PCs with RGB, If they want super silent fans then they can do that too. Same as people putting spoilers, body kits on their cars even though it won't give any performance in normal day to day use. Mac laptops (pre M series era) are not that great at maxing out raw power, yes their OS are much more optimized than windows, but they also made a laptop with no cooling (macbook air 2020). Which will made it throttle instantly the second you give something heavy for it.
3:53 - Got me 😅
The high value target made me laugh out loud for real. congrats. Legit rare that happens lol.
Seems like it would be good to have power only cables
the main proplem whit those is that you may not get the full charging speed the phone is cabable of.
@@mr.battlecats5512 how likely would it be that the outlet would support fast charging anyway?
"All your data are belong to us" - nice reference!
This is technically possible.
But, remember that most of the times USB chargers are under eyesight from security, being it the owner of the place or security cameras. If someone would try to hack them they would be probably be spotted soon enough.
I have a charge cable and the data lines are not connected. Two resistors on on end to D- and D+ to ask for 500mA. Other end disconnected. No data transfer possible. Phone charges slowly.
good thing one of my usb-c cables is broken for data transfer but still charges. good to see one of my broken tech still serves a purpose. is there a way to mess with ur cable intentionally?
I found a 2 week old Sausage Egg McMuffin in a fridge and attached it to my head as a hat and drive around waring it
If you plug in a cable that does only support charging (like the apple mac usb c or usb c to magsafe cable) you can charge without hesitation. Is it so?
Wouldn’t it be easy to mod a cord so only the charge pins are active eliminating virtually all chance of juice jacking? If so Linus and crew ought to post a list of such available cords or an instructional on how-to modify a regular cord…
That is a charge only cable, and there are adapters usb c female usb c male that also do that, they only have the charger pins
"blue raspberry"
Riley said it like he's Batman 1:00
there are cables out there that don't transmit data, idk if you can buy them because the ones that I use came with my jbl headphones
Reading through the comments on this video, it appears that almost nobody actually watched it! You spend the whole video explaining why people shouldn't worry about this. And yet all the comments are people worrying about this.
You're the first person I've seen to actually expose this whole ridiculous thing, most people are so paranoid about this, despite phones not actually allowing it.
The video: You can't be hacked through a charger.
The comments: Everyone sharing the products they bought to prevent charger hacking.
there are adapters for this purpose that connect between the cable and the outlet, they only provide power, no data connection
At 1:16; that’s just a Pi-like SBC, not an actual Raspberry Pi since some components are not the same and the board color is red instead of green.
I would be a lot more concerned about fake charging stations designed to kill your phone. We've already seen devices that look like a USB flash drive that are just a bunch of capacitors that build up then discharge all at once to kill your computer or at the very least your USB bus.
Use a power-only USB cable, or just tape the middle two pins of the USB type A connector with electrical tape. Pins 1 and 4 are power, 2 and 3 are data.
This "Juice Jacking" thing is why I always have a powerbank on me. I can charge the powerbank from the public USB port and thanks to it being a powerbank; it's too dumb to get compromised. Meaning that I can safely use that powerbank to charge my phone or other portable device should the need arise
So what you're saying, is that you didn't even watch the video that you're commenting on?
Could you do one on safety of using nfc/ nfc on phone?
I don't know if it's just me or the video is bugged
And why does its resolution only go up to 720p
*I bought a USB 2xA and 1C it says 65W and yeah the phone charges pretty fast on the USB A but the USB C is charging my camera really slowly, slower than when the camera is plugged into the laptop*
Power move: Charge the power bank that's charging your phone
But my Samsung phone always asks me when I plug the cable to my pc if I want to transfer data or charge only so how would the steal my data when I select charge only
Power banks ftw, honestly. Its a thing for many years now. Cheap too. 20 bucks for 10 changes of a modern expensive phone. If that ain't cheap, i dunno what is. Spend 40-50 bucks, and its even better.
What if you only use a lead with the positive & negative connections without the data pins connected, that would save carrying a powerbank, wouldn't it?
Does having USB debugging enabled make a difference? I suppose it's a slightly larger attack surface that way
Im sure that does have an effect.
You have to allow the connection first.
There's those portable chargers to use known as "power bank" .....I think the ones made for iphones should be called "apple juice" 😂
I feel like a simple solution for this could be an adapter that simply doesn't make data connections between the cable and the phone. Since it would just be a few electrical connections it would be pretty easy & cheap.
what if you use a cable with only + and - with cut data lines?
I never understood these. Why not just an outlet? For foreigners without an adapter?
I carry a 20,000 mAh charging brick with me when I travel. Never needed to use public charging stations anyways because they're always full.
I would put line voltage through the data pins. A little zap here, a little zap there...
Or you just use data blockers (they are around 1-2 dollars) and just connect the charging lines physically. The communication is handled from a chip in the adapter, not your phone directly, and you are absolutely safe.
SAIK!!! I changed my power bank there instead 👍
Juice jacking is not limited to hacking. Most phones, when connected to a PC will work as an external storage device.
Some of those charging stations could simply be making a copy of that data which may contain personal information and photos.
Not every ‘hack’ needs to be sophisticated. Sometimes the easiest ‘hack’ is the most effective.
For android that would only work on older phones. Newer ones default to charging only when connecting.
Couldn't you use a modified usb cable with the data lanes removed?
I always brought a wall charger with me and a power bank when on the move...
It's about as safe as piblic wifi...
When I hear "juice jacking" I think of something completely different!
Protrusions all around! Huzzah! 🍻
We don't have any USB chargers here lmao
inb4 we start getting ads for "secure" cables for 299 each
Another thing one can protect from this is using a USB cable for charging only and can't carry data I own a few and tested them
I just charge my phone at night so I don't need to recharge it during the day. The only time that doesn't work is when I'm on vacation and go through more battery life, and at that point I just head back to my hotel room and recharge it.
As risks go you are more likely to connect with a rogue wifi access point
I was having trouble with my battery lasting all day so I bought a battery case. It only makes the phone a little bit bigger than a standard case. My device will now last all day of listening to music and watching videos.
Use the public charger to fill your usb power bank.
Thanks for the free power, hackers!
I am more worried about leaving the phone while it is charging and someone stealing the device
I hope this does not happen with wireless chargers since it uses nfc and nfc can be used to send and receive data, I don't use wireless charging because it's too slow and makes the phone hot. There are already wireless charging stations and hackers might end up embedding a chip on the wireless charing stations to hack people with air drop capabilities to have access to peoples phone with using nfc to send and receive data. It's something to consider since convenience is used for most things nowadays.
Sure !
3:53 new meme!
I carry my own chargers because too many public ones are either broken or limited to 2amp.
Would turning off the device while charging not be a solution?
Define 'off' ;) On most electronic devices these days there's no physical on/off switch. There's perhaps a button that turns the device on/off but that's just done in software. This means the device is always 'on', pushing the button just tells the device to power up all the way or go back to a sleep/standby state.
For debugging purposes as well as accommodating repairs, most phones can still be (partially) accessed over USB even when turned 'off'.
Now if you remove the battery from your phone then yes, that's pretty much as off as it can ever be. Most people however can't or won't remove their battery ;)
And this is why I bought a power bank, I'm not risking plugging in my phone in public and getting a nasty virus on my phone.
Need to use a power only cable
"As of April 2023 there have been no credible reported cases of juice jacking outside of research efforts" -wikipedia
Never use public USB ports. Someone can steal information with that, and you’d never know.
Just get any power bank to bring with you when you’re on the go, Anker most likely still has a good 20,000 mAh one for 60 CAD or so.
And there are also data blockers / usb condoms if you are paranoid^^
3:52😂
Or just buy/build sleever. 2 opposite USB connectors, connect power pins with wires, and you're done.
Why not just power down the phone before plugging it in? And leaving it off until it's finished charging. It'll charge faster and I don't believe any data can be exchanged while it's off.
You can use data blockers on usb cables.
while unlikely, is it worth the risk?
And this is part of why i usually bring my own charging brick.. besides screw the very slow USB, QC and PD is where its at 😎
Good thing the USB outlets on buses and trains protect me from this by never working
Considering today’s data handling capabilities especially with countries like China (Hong Kong is a major travel hub), “paranoia” isn’t something you should attach to the data-safety of individuals. Since most public charging stations are run by big companies who see their shareholders as their true clients and thus will cut corners with anything to save some money, it would be pretty easy to ‘accidentally’ break a charging station and get the cheapest labourers they hire to install a harmless looking small box ‘to prevent further problems’.
Also, it’s pretty fu€king unprofessional to call people paranoid. Hope you reflect on that.
Why not just hack a usb cable cut the data lines 🤔
Unless of cause 5v is not powerful enough.
But what if you just turned off the device before charging?
or is there access afterwards?
Use a charge only cable