Friday, October 2, 2009

Rogue Phone Charging Station

You may have seen cell phone charging stations at airports. They take your money and have adapters for a lot of different phone times. Stick your money in, plug in your phone and get it charged during your layover.

This got me thinking - a lot of phones, particularly smart phones, are going to USB cable charging. This makes sense since they’ve got cameras, play MP3s, and any number of mobile device functions. These functions generate and consume a lot of data that’s got to come from somewhere and has to be backed up. Since USB does data transfer and does power it’s a natural fit.

Those charging stations provide power but don’t do data transfer. But what if they did? Would you notice? You plug in your phone and leave it plugged in for twenty minutes, how much data could it transfer? Most USB data devices expose them selves as simple read/write mass storage. A charging station could slurp up a lot of data in twenty minutes, especially if it knew where to look based on device type which could be determined through probing. It would be even quicker to drop a small piece of malware on the phone.

I’m not just about pointing out potential problems, I’m also about solutions. One could conceivably have a USB condom. This would be a USB coupler that will allow power to pass through and potentially could have enough smarts to probe the device plugged into it so that the device thinks it’s plugged into a computer. I’ve heard of devices that will only accept power when they’re plugged into a computer.

Keep this in mind. If your phone is low, might not be a good idea to plug it into a foreign port. That charging station or helpful stranger might not be as well-intentioned as it seems. Even if they are they might have been compromised such that they are unwitting participating in the compromise of your handheld device.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.