Quantcast
Connect with us

With USB-C, even plugging in can set you up to be hacked

Published

on

Plugging in the power – or at least what you think is power – to a USB-C powered laptop can connect your computer, and the valuable personal data on it, directly to hackers. Your personal financial information, passwords and documents stored on the laptop could help a cybercriminal steal your identity. The laptop may even be used to attack your employer’s computers and network.

ADVERTISEMENT

The European Union is already moving to require all smartphones be compatible with USB-C power adapters – itself a move that endangers users’ privacy. If the EU made a similar standard for laptop computers, it would threaten to make the problem worse, by increasing the number of people vulnerable to what is basically the digital equivalent of pick-pocketing.

From mobile phones to laptops

Public phone chargers and USB ports can be a threat to mobile phones, if they are modified to attack them.
AP Photo/Jessica Hill

Mobile phones have been hackers’ targets for years. Phones that are left behind or stolen can contain sensitive personal data that can let a criminal open a new bank account or take out a loan.

However, a far more insidious way to get the data is to simply connect to the phone and steal everything it holds. As the phone is not lost, the user may be unaware that anything is wrong. Attackers try to get access to mobile phones via their internet connections and local wireless connection technologies like Bluetooth and Wi-Fi.

But some attackers are finding a weakness in phone charging. Many newer phones use the same port – one of several types of USB – for both connecting to a computer and charging. A charger could be modified to attack your phone via that trusted connection. This has led some researchers to recommend never using public USB chargers for your smartphone.

ADVERTISEMENT

Older mobile phones, including some smartphones, that used power-only connections didn’t have to worry about this issue. Users of these devices can plug in to public multi-device charging stations without worry, as there is no connection to the device’s data. For those with combined data and power ports, however, the same port that many people only use to power their phone is commonly used by hackers and even law enforcement to access the data on it.

Laptops can now be attacked by USB power ports

Until recently, laptop computers had enjoyed some protection, with most having a dedicated power port to connect their chargers to. Other purpose-specific ports allowed connections to desktop monitors, conference room projectors and other devices, without need for concern. USB-C changed this, with one high-speed port now able to provide and receive power, send video signals to projectors and monitors, and connect to USB thumb drives and numerous other peripheral devices.

Most of the time, this is extremely convenient, reducing the number of different ports needed on today’s lightweight and compact laptops. However, it also allows criminals to attack the computer of an unsuspecting user who is just trying to charge the device’s battery.

ADVERTISEMENT

Some laptops have only USB-C ports, which are used to power and charge the laptop and for data communications. By using a data interface for charging, chargers can be used to attack the laptop.
weberjake/Shutterstock.com

With the European Union potentially requiring phone makers to standardize on USB-C chargers to reduce waste and provide consumer flexibility, similar rules for laptops may not be far behind. In any case, people with laptops powered by USB-C and those who connect to USB-C screens and projectors in public areas need to be vigilant.

Compared to a mobile phone, laptops may contain far more data. Some laptop users may not have these files backed up to other locations, which makes them vulnerable to deletion or even encryption for a ransom payment. Hacked laptops can also serve as a method to get viruses and other malware into sensitive business or government facilities, bypassing firewalls, intrusion detection systems and other network security mechanisms. In short, they may be much more attractive targets to hackers.

Prevent problems by not plugging in

As someone who researches and teaches courses related to cybersecurity, I follow numerous reports of scam websites, all manner of fraudulent callers and electronically distributed viruses – all trying to steal personal information.

ADVERTISEMENT

Alleged overseas hackers, like Lauri Love, who is accused of hacking the U.S. military, rarely stand trial in U.S. courts.
Geni, CC BY-SA

Criminals run these scams from the other side of the world, making them hard to track down and bring to justice. While there is little you can do to prevent your data from being released by large-scale hacks of personal data like the Equifax breach, you can reduce your risk of power-connection hacking.

USB-C laptop users should not plug in to airport, hotel or other public USB ports without protection. Charge-only adapters, portable USB batteries and cables that can shield the data connection are possible solutions. At present, in most cases, it is best to just plug the laptop’s power supply into a normal wall power outlet; many public USB ports, which follow the older USB-A standard, don’t yet provide enough power to run and charge a laptop anyway.

When connecting to other devices, check for signs of tampering, such as missing screws, scuffing and other wear – particularly around screw holes and edges. When projecting for others, use your own USB-C to VGA or HDMI converter and connecting to these ports.

ADVERTISEMENT

Over time, the computer industry may be able to create tamper-evident USB devices and other ways of protecting USB users, like ATM manufacturers have tried to do. Until then, USB-C users need to protect themselves by not connecting to public, insecure and other potentially compromised or suspicious USB ports. Information technology managers face a tougher battle and may try to avoid USB-C powered devices or train users to use them safely.The Conversation

Jeremy Straub, Assistant Professor of Computer Science, North Dakota State University

This article is republished from The Conversation under a Creative Commons license. Read the original article.


Report typos and corrections to: [email protected].
READ COMMENTS - JOIN THE DISCUSSION
Continue Reading

2020 Election

Taylor Swift could swing 2020 against Donald Trump — a GOP consultant did the math

Published

on

Singer Taylor Swift could play a key roll in the 2020 presidential election, a Republican strategist explained on MSNBC on Saturday.

Swift has been public in her criticism of President Donald Trump and told Vanity Fair she is intent to "do everything I can for 2020."

Republican strategist Evan Siegfried was asked about Swift's activism by MSNBC anchor Alison Morris.

"At the same time, Taylor Swift did to something very good, urging people to register to vote months before the election," he noted. "A lot of young people did that."

Continue Reading

Breaking Banner

Hope Hicks considered a ‘pariah’ in Hollywood after working for Trump: She’s wearing the ‘scarlet T’

Published

on

Former White House communications director Hope Hicks has received a frosty reception in Hollywood, where she moved after leaving the administration.

Hicks is currently working as the chief communications officer for the Fox Corporation -- the parent company of Fox News.

But having worked for Donald Trump haunts Hicks, Graydon Carter's newsletter Airmail revealed in an article titled, "Hix Pix Fox Flix: Ex–Trump whisperer Hope Hicks spins the Hollywood liberal establishment."

"If you’re young, beautiful, have a power job, money to play with, and a Brentwood Zip Code, Los Angeles can be a lot of fun. Unless you’ve got Donald Trump’s name on your résumé. The scarlet T burns bright in Hollywood," Shawn McCreesh reported.

Continue Reading
 

Breaking Banner

Warren accuses Congress of complicity in Trump’s continued abuses

Published

on

Sen. Elizabeth Warren accused the U.S. Congress of complicity in President Donald Trump's continued abuse of power late Friday, after reports surfaced of his alleged attempts to solicit foreign meddling in the 2020 presidential election, and reiterated her demand that Democrats use their majority in the House to pursue impeachment.

Warren's tweeted statement came hours after the Wall Street Journal reported that Trump urged Ukrainian President Volodymyr Zelensky to investigate former Vice President Joe Biden's opposition to a Ukrainian prosecutor in 2016.

Continue Reading
 
 
Help Raw Story Investigate and Uncover Injustice. Join Raw Story Investigates for $1 and go ad-free.
close-image