Los Angeles Attorney's Office issued a warning, which warns travelers against using public charging stations where USB is used. We are talking about charging stations in hotels, airports, cafes, at public transport stops and so on. According to the authorities, in this way the malware can spread. Instead, users are advised to buy an external battery, car charger, and use only ordinary power outlets. Interestingly, the warning appeared for a reason: according to TechCrunch reporters, law enforcement officers are already aware of cases of such attacks somewhere on the US East Coast.
I must say that the warning of the authorities is not without meaning, because in recent years, information security experts have demonstrated many malicious concepts of this kind.
One of the first hacks through the power adapter was the Mactans solution, shown at the Black Hat conference back in 2013. Researchers have shown that the iPhone can be hacked through a special USB charger.
Then, in 2016, the famous researcher Samy Kamkar created KeySweeper – a device built on the basis of Arduino or Teensy and disguised as a USB charger. It worked as a wireless sniffer, decrypted, saved and sent via GSM all keystrokes from Microsoft wireless keyboards. After that, the FBI issued a nationwide warning urging organizations to abandon the use of USB chargers.
However, representatives of the Los Angeles prosecutor's office warn against many different directions for such attacks. For example, through "plug-in" USB-charging. Such portable USB chargers can be plugged into a regular power outlet, and criminals can “accidentally” leave them in public places. Also, according to the prosecutor's office, even those charging stations where the user has access only to the USB port are dangerous. After all, attackers can download the malware to public charging stations.
The warning also covers USB cables left in public places. Microcontrollers and various electronic components have become so tiny that criminals can hide a real minicomputer and malware inside the cable. One of the striking examples is O.MG cable, the creator of which has recently taken up the serial production of malicious cables.
– _MG_ (@_MG_) August 12, 2019
However, users can not only always carry their own cables and chargers, but also use simple sockets. In addition, you can buy a special USB cable without data transfer ", where the contacts responsible for the data transfer channel are simply removed, and only the power works. In addition, there are so-called “USB condoms” that serve as a buffer between an untrusted USB charger and a user device. Some of the best known solutions in this area are Synctop (formerly known as USB Condom) and Juice-jack defender.