Los Angeles Prosecutors issued a note to warn tourists against using public charging stations using USB.
The talk is about charging stations in hotels, airports, cafes, at public transport stops and so on. According to the authorities, through them can spread a malware.“Travelers should avoid using public USB powercharging stations in airports, hotels and other locations because they may contain dangerous malware. The malware may lock the device or export data and passwords directly to the scammer”, — says a warning from LA law enforcement agency.
Users are advised to buy an external battery, car charger and use only ordinary outlets.
It is interesting that the warning appeared for a reason: according to TechCrunch reporters, law enforcement officers are already aware of cases of such attacks somewhere on the US East Coas.
It is important to say that the warning of the authorities is not groundless, because in recent years, information security experts have demonstrated many malicious concepts of this kind.
Read also: DDoS attack in Iran was conducted through Telegram proxy servers
One of the first hacks through the power adapter was the Mactans solution, which was shown at the Black Hat conference back in 2013. Researchers have shown that the iPhone can be hacked through a special USB charger.
Next, in 2016, the famous researcher Samy Kamkar created KeySweeper – a device built on the basis of Arduino or Teensy and disguised as a USB charger. It worked as a wireless sniffer, decrypted, saved and sent via GSM all keystrokes from Microsoft wireless keyboards. After that, the FBI issued a nationwide warning urging organizations to abandon the use of USB chargers.
However, representatives of the Los Angeles prosecutor’s office warn against many different directions for such attacks.
“An attack through the so-called “Plug-in” USB-charging. Such portable USB chargers can be plugged into a regular power outlet and criminals can “accidentally” leave them in public places”, – say the Los Angeles authorities.
Additionally, according to the prosecutor’s office, even those charging stations where the user has access only to the USB port are dangerous. After all, attackers can download the malware to public charging stations.
The warning also covers USB cables left in public places. Microcontrollers and various electronic components have become so tiny that criminals can hide a real minicomputer and malware inside the cable. One of the striking examples is O.MG cable, the creator of which has recently taken up the serial production of malicious cables.
Users can not only always carry their own cables and chargers, but also use simple sockets. In addition, you can buy a special USB cable without data transfer “, where the contacts responsible for the data transfer channel are simply removed, and only the power works. In addition, there are so-called “USB condoms” that serve as a buffer between an untrusted USB charger and a user device. Some of the best-known solutions in this area are SyncStop (formerly known as USB Condom) and Juice-Jack Defender.
User Review
( votes)
