Customs wondered whether they could charge their mobile equipment at public
charging points. That question came to our team and when we talked about it, I
got some approving looks: something for a blog?
Of course, we could easily have answered, “No, don't do that!” (And I will
definitely do that later on.) But it is of course much better to explain the
ins and outs of the matter, and what alternatives there are. And it would also
be a shame to only serve my colleagues in the once green uniform, while this is
important for everyone - and also for you privately.
This concerns charging via a USB cable. Something you probably do every day with
your phone or tablet - even if you have an iThing from Apple, because although
the slightly older iPhones and iPads have a Lightning connection instead of a
USB connection, which plug is on the other end, on the side of the charger?
That's right, USB-A! And what's so dangerous about USB? Well,
it can do more than just charge: you can also send data through it. Perhaps
your printer is connected to your PC via a USB cable, or your laptop is
connected to an external screen with such a cable. That is proof that data
passes through a USB connection. So what? Ah, now we're touching on my area
of expertise. If data can flow somewhere, it can do so without you noticing.
And that can have consequences for the confidentiality of your data, or that of
your employer. Data can of course be anything: photos, contacts, texts,
spreadsheets, you name it. All things digital.
Criminals know that too. Following the motto 'data is the new oil' (in other words: you can
make a lot of money with it) they like to explore new paths. And what does that
have to do with those public charging points that Customs asked about? Well
look, such a public charging point is a USB socket on the train, the bus, in a
hotel room, you name it; you see them everywhere these days. Or it's a USB
cable dangling somewhere. Sometimes you’ll run into those small lockers for
charging your phone (I even saw them once at a security conference...). The
problem with all those generous electricity suppliers is that you don't know
what – and who – is behind them. And here's the thing: you can add something to
those sockets and cables, or plug something into them that is more than just a
charger. There are even cables available with plugs that transmit information
to their owner via WiFi. All this outlines the risk scenario at stake here:
that someone steals data from your device via a seemingly innocent, free charging
option. This phenomenon even has a name: juice jacking. Your data is being kidnapped
via the power cable.
However, in more than nine out of ten cases, such a public charging point will not be a
problem at all. I don't see a hacker easily taking a train apart, hiding
something in a USB port and then hoping that one day someone with important
information will connect their phone to exactly that charging point. With a power
cord dangling from a well-intentioned pole in the city, or in one of those charging
lockers, it’s a different story, because they are much easier to manipulate.
The majority of victims of these attacks, however, are targeted, because they possess
specific information. When I talk about targeted attacks to my primary audience,
I always mention two organizations: Customs and the FIOD (the Dutch Fiscal
Information and Investigation Service). Both have information that is
interesting for criminals, and Customs officers certainly do sometimes show up
abroad, which sometimes makes things a little more exciting.
What can you do to avoid the use of public charging points? Leave home with a full
battery, and if you know you won't make it, be prepared: bring your own charger
and cord. Going somewhere where you won't find an electrical outlet? Then put a
power bank in your bag. Preferably a slightly more expensive one, that charges
your device quickly. If you really cannot avoid a public charging point, use a
USB condom (or a juice-jack defender, if you don’t like the former term). That’s
a plug that goes into your device and takes that public charging cable in the
other end. USB condoms only allow electricity to pass through, not data. Never
use a charging cord or charger that you found somewhere; they may not have
ended up there by accident. And if your device lets you choose between data
transfer and 'charging only', choose the latter option.
Well, as predicted above, it comes down to this: just don't use public charging
points. Nowhere, never, even if you are 'not important'. If you apply that
principle, you will never have to think about it again.
And in the big bad world...
This section contains a selection of news articles I came across in the
past week. Because the original version of this blog post is aimed at readers
in the Netherlands, it contains some links to articles in Dutch. Where no
language is indicated, the article is in English.
- researchers constructed an exploit that compromises computers during startup.
- QR codes can be misused in all kinds of ways.
- the Dutch Intelligence Service’s annual Christmas puzzle is online. [DUTCH]
- this vulnerability wasn't one after all.
- data of millions of clients of a commercial DNA testing company has been leaked.
- you can make a lot of money if you help the US fight North Korean hackers.
- these phishers hide behind a made-up vulnerability in WordPress.
- “Have I been pwned?” turned ten.
- of course you can also hack a nuclear power plant.
- a Russian hacker pleaded guilty in the US.
- your password manager may be leaking passwords to apps.
- the Dutch privacy regulator is concerned about generative AI. [DUTCH]
- the same applies to the British.