USB cond . USB malware

When you connect a portable disk, tablet or smartphone via USB, for example for charging, there is a non-zero probability that the device will be infected with malware. Many, knowing that the system will ask for confirmation to communicate with the computer, without even thinking, charge their smartphone anywhere. But not many people know that the hardware responsible for communication also has loopholes. Sometimes these are “backdoors” specially left by the manufacturer for debugging or recovery of devices, sometimes it’s just a vulnerability in the protocol, software or hardware component of the system.

For example, in certain circles rumors persistently (IMHO has not yet been completely confirmed by anyone) that for root access (unlimited access to the device) to some models, for example from Samsung, with Android on board, a fairly specific set of signals will “knock” on USB.

But real evidence of hacking smartphones is also known - at the Black Hat 2013 conference held in Vegas, security specialist Billy Lau successfully demonstrated hacking iPhone when the phone is connected to charge via USB to his mini-computer he made a call. In principle, he could install on the phone any program (not from the Apple Store) that could integrate itself deeply into the device’s operating system and, for example, would allow tracking user actions on a smartphone (typing on the keyboard, including password), its location ( GPS coordinates), take and send screenshots, etc.

Forewarned - armed

Such an autopsy process can be fully automated: identifying the device, opening it in a manner appropriate for it, and launching a virus compatible with the device. In practice, such a mini-computer can be hidden for example installed in public places equipped with charging boxes via USB, or even mounted in a power supply and sold to you through an online store (the same eBay, Amazon, etc.). It is theoretically possible that in the near future the home computer may be infected with such a malicious program hacking through mobile USB devices.

Below are several ways to prevent this kind of “hacking”. Honestly, I didn’t think of it myself - I spied on the Internet .

USB cond.

It should be noted that it all started with this: after hearing on the radio about the invention of the USB condom (the original name of the authors), calming down his sense of humor under the table, with the words "why people don't make money", he began his little investigation on the Internet. Not to say that the paranoid woke up from what was read in me, but it made me think for sure unambiguously.

So, USB cond. This device, corresponding to the name, is put on a USB cable and tritely cuts off the data bus at the input (leaving only the ground contacts and + 5V for charging), which accordingly makes any connection with the device impossible. It costs in the original a lot of - 10 killed raccoons.

Sticking contacts

This method is closer to the “condoms" and it’s very easy to implement on some USB plugs: we have four contacts, the left one is the mass, the right one is 5 volts, we leave them, the internal ones for the data are sealed, even with adhesive tape (it can be erased from frequent use over time , here again the analogy with the condom ).
Everything, such a USB cable can now be used only as a charger. In the USB3.0 plug (type A), you must also glue all the internal contacts (located further from the end of the plug). The pinouts can be seen here and here (USB 3.0) .

There is a contact or a method of “incomplete insertion”

In many USB plugs, the left and right pins are longer, i.e. if the plug is carefully and slowly inserted before the charging signal appears, then the data contacts will not close and communication will therefore not occur.

Y cable

For safe charging, you can use the so-called. Y-cable (branching USB cable), after making sure that one of the plugs of which initially does not have data contacts. Such a cable is also convenient because if necessary it can also be used for communication with a computer, simply by inserting the other end of the cable (with data contacts). In addition, the Y-cable can be bought in online stores much cheaper than 10-way (well, spoiled the business for sellers of USB-condoms).

So please protect yourself and do not pop in unprotected plugs where you do not fall into the slots of others.