The Los Angeles Attorney's Office has issued a warning that warns travelers against using public charging stations that use USB. We are talking about charging stations in hotels, airports, cafes, public transport stops, and so on. According to the authorities, malware can spread in this way. Instead, users are advised to buy a power bank, car charger, and use only regular power outlets. Interestingly, the warning appeared for a reason: according to TechCrunch journalists, law enforcement agencies are already aware of such attacks somewhere on the East Coast of the United States.
It must be said that the authorities' warning is not meaningless, because in recent years, information security specialists have demonstrated many malicious concepts of this kind.
One of the first power adapter hacks was the Mactans solution, shown at the Black Hat conference back in 2013. Researchers have demonstrated that iPhone can be jailbroken through a dedicated USB charger.
Then, in 2021, renowned researcher Sami Kamkar created KeySweeper, an Arduino or Teensy-based device disguised as a USB charger. It worked as a wireless sniffer, decrypting, storing and sending over GSM all keystrokes from Microsoft wireless keyboards. The FBI then issued a nationwide warning urging organizations to stop using USB chargers.
However, Los Angeles prosecutors have warned against many different vectors for such attacks. For example, through "pluggable" USB-charging. These portable USB chargers can be plugged into a regular power outlet, and criminals can "accidentally" leave them in public places. Also, according to the prosecutor's office, even those charging stations where the user has access only to the USB port are dangerous. After all, attackers can upload malware to public charging stations.
The warning also covers USB cables left in public places. Microcontrollers and various electronic components have become so tiny that criminals can hide a real minicomputer and malware inside the cable. One of the striking examples is O.MG cable, the creator of which recently started serial production of malicious cables.
However, users can not only carry their own cables and chargers with them at all times, but also use simple sockets. In addition, you can buy a special USB cable without data transfer ", where the contacts responsible for the data transfer channel are simply removed, and only power is available. In addition, there are so-called" USB condoms "that serve as a buffer between an untrusted USB charger and the user's device. Some of the more well-known solutions in this area are SyncStop (formerly known as USB Condom) and Juice-Jack Defender.
(c) xakep.ru
