Quantcast
Connect with us

With USB-C, even plugging in can set you up to be hacked

Published

on

Plugging in the power – or at least what you think is power – to a USB-C powered laptop can connect your computer, and the valuable personal data on it, directly to hackers. Your personal financial information, passwords and documents stored on the laptop could help a cybercriminal steal your identity. The laptop may even be used to attack your employer’s computers and network.

ADVERTISEMENT

The European Union is already moving to require all smartphones be compatible with USB-C power adapters – itself a move that endangers users’ privacy. If the EU made a similar standard for laptop computers, it would threaten to make the problem worse, by increasing the number of people vulnerable to what is basically the digital equivalent of pick-pocketing.

From mobile phones to laptops

Public phone chargers and USB ports can be a threat to mobile phones, if they are modified to attack them.
AP Photo/Jessica Hill

Mobile phones have been hackers’ targets for years. Phones that are left behind or stolen can contain sensitive personal data that can let a criminal open a new bank account or take out a loan.

However, a far more insidious way to get the data is to simply connect to the phone and steal everything it holds. As the phone is not lost, the user may be unaware that anything is wrong. Attackers try to get access to mobile phones via their internet connections and local wireless connection technologies like Bluetooth and Wi-Fi.

But some attackers are finding a weakness in phone charging. Many newer phones use the same port – one of several types of USB – for both connecting to a computer and charging. A charger could be modified to attack your phone via that trusted connection. This has led some researchers to recommend never using public USB chargers for your smartphone.

Older mobile phones, including some smartphones, that used power-only connections didn’t have to worry about this issue. Users of these devices can plug in to public multi-device charging stations without worry, as there is no connection to the device’s data. For those with combined data and power ports, however, the same port that many people only use to power their phone is commonly used by hackers and even law enforcement to access the data on it.

ADVERTISEMENT

Laptops can now be attacked by USB power ports

Until recently, laptop computers had enjoyed some protection, with most having a dedicated power port to connect their chargers to. Other purpose-specific ports allowed connections to desktop monitors, conference room projectors and other devices, without need for concern. USB-C changed this, with one high-speed port now able to provide and receive power, send video signals to projectors and monitors, and connect to USB thumb drives and numerous other peripheral devices.

Most of the time, this is extremely convenient, reducing the number of different ports needed on today’s lightweight and compact laptops. However, it also allows criminals to attack the computer of an unsuspecting user who is just trying to charge the device’s battery.

Some laptops have only USB-C ports, which are used to power and charge the laptop and for data communications. By using a data interface for charging, chargers can be used to attack the laptop.
weberjake/Shutterstock.com

With the European Union potentially requiring phone makers to standardize on USB-C chargers to reduce waste and provide consumer flexibility, similar rules for laptops may not be far behind. In any case, people with laptops powered by USB-C and those who connect to USB-C screens and projectors in public areas need to be vigilant.

ADVERTISEMENT

Compared to a mobile phone, laptops may contain far more data. Some laptop users may not have these files backed up to other locations, which makes them vulnerable to deletion or even encryption for a ransom payment. Hacked laptops can also serve as a method to get viruses and other malware into sensitive business or government facilities, bypassing firewalls, intrusion detection systems and other network security mechanisms. In short, they may be much more attractive targets to hackers.

Prevent problems by not plugging in

As someone who researches and teaches courses related to cybersecurity, I follow numerous reports of scam websites, all manner of fraudulent callers and electronically distributed viruses – all trying to steal personal information.

ADVERTISEMENT

Alleged overseas hackers, like Lauri Love, who is accused of hacking the U.S. military, rarely stand trial in U.S. courts.
Geni, CC BY-SA

Criminals run these scams from the other side of the world, making them hard to track down and bring to justice. While there is little you can do to prevent your data from being released by large-scale hacks of personal data like the Equifax breach, you can reduce your risk of power-connection hacking.

USB-C laptop users should not plug in to airport, hotel or other public USB ports without protection. Charge-only adapters, portable USB batteries and cables that can shield the data connection are possible solutions. At present, in most cases, it is best to just plug the laptop’s power supply into a normal wall power outlet; many public USB ports, which follow the older USB-A standard, don’t yet provide enough power to run and charge a laptop anyway.

When connecting to other devices, check for signs of tampering, such as missing screws, scuffing and other wear – particularly around screw holes and edges. When projecting for others, use your own USB-C to VGA or HDMI converter and connecting to these ports.

ADVERTISEMENT

Over time, the computer industry may be able to create tamper-evident USB devices and other ways of protecting USB users, like ATM manufacturers have tried to do. Until then, USB-C users need to protect themselves by not connecting to public, insecure and other potentially compromised or suspicious USB ports. Information technology managers face a tougher battle and may try to avoid USB-C powered devices or train users to use them safely.The Conversation

Jeremy Straub, Assistant Professor of Computer Science, North Dakota State University

This article is republished from The Conversation under a Creative Commons license. Read the original article.


Report typos and corrections to: [email protected].
READ COMMENTS - JOIN THE DISCUSSION
Continue Reading

2020 Election

Masks take center stage in presidential race as Biden slams Trump for ‘costing people’s lives’

Published

on

In an interview with CNN's Dana Bash on Tuesday, former Vice President Joe Biden laid into President Donald Trump for his comments belittling his decision to wear a mask at the Memorial Day events at the beginning of the week.

"He's a fool, an absolute fool to talk that way," said Biden. He added that "This macho stuff ... It's costing people's lives."

Trump has frequently refused to don a mask while speaking to the media, even when he is in public places where masks are required.

Watch below:

“He’s a fool, an absolute fool to talk that way,” Biden to @DanaBashCNN about Trump belittling his wearing of a mask. “This macho stuff ... It’s costing people’s lives.”

Continue Reading

COVID-19

1 in 5 teachers—citing COVID-19 concerns—likely won’t return to US schools this fall: survey

Published

on

While most U.S. schools have ended in-person instruction for the rest of this academic year because of the coronavirus pandemic, polling results published Tuesday show that the majority of parents and teachers expect classrooms to reopen in the fall and worry about what that will mean for safety and education.

In mid-May, Ipsos conducted a pair of online polls for USA Today of K-12 teachers and parents of school-aged children. Pollsters found that if schools reopen in the fall—with strict new rules to limit Covid-19 infections—nearly six in 10 parents would consider not sending their kids back and one in five educators likely would not return to teaching. Among teachers 55 and older, that figure was one in four.

Continue Reading
 

Breaking Banner

Trump says he can ‘absolutely’ force governors to reopen churches if he decides to do so

Published

on

At Tuesday's coronavirus press briefing, President Donald Trump was pressed on whether he really has the authority to force governors to allow houses of worship to reopen amid the coronavirus pandemic. "Can you explain what authority you had in mind when you said that you would do that?" asked a reporter.

The president emphasized that he does have the power — but did not elaborate on how specifically he would do so, and added that he doesn't think he will have to.

"I can absolutely do it if I want to," said Trump. "I don't think I'm going to have to, because it's starting to open up. We need our churches and our synagogues and our mosques. We want them open, churches, synagogues, mosques, and other — we want them open and we want them open as soon as possible."

Continue Reading
 
 
You need honest news coverage. Help us deliver it. Join Raw Story Investigates for $1. Go ad-free.
close-image