PhotoBanter.com

PhotoBanter.com (http://www.photobanter.com/index.php)
-   Digital Photography (http://www.photobanter.com/forumdisplay.php?f=5)
-   -   Macbook users, cellphone addicts; beware the charger (http://www.photobanter.com/showthread.php?t=131831)

nospam November 13th 18 07:08 PM

Macbook users, cellphone addicts; beware the charger
 
In article ,
RichA wrote:

https://www.bbc.com/news/technology-45139397


that will not work at all on ios devices, and is going to be *very*
difficult on recent macs.

meanwhile, android devices and windows pcs are vulnerable.

nospam November 13th 18 10:12 PM

Macbook users, cellphone addicts; beware the charger
 
In article ,
RichA wrote:


https://www.bbc.com/news/technology-45139397


that will not work at all on ios devices, and is going to be *very*
difficult on recent macs.

meanwhile, android devices and windows pcs are vulnerable.


For all we know, it's already happening. There are MILLIONS of cheap
Chinese chargers out there.


cheap chargers might damage a device, some have even killed the owner,
but it's not going to juice jack.

nospam November 13th 18 11:00 PM

Macbook users, cellphone addicts; beware the charger
 
In article ,
RichA wrote:

For all we know, it's already happening. There are MILLIONS of cheap
Chinese chargers out there.


cheap chargers might damage a device, some have even killed the owner,
but it's not going to juice jack.


Beware power cords. Copper in some cases has been replaced with copper
coated steel strands (copper cost is high now) and steel strands can bend and
break which creates hot-spots due to resistance.


tl;dr - don't get cheap ****.

newshound November 13th 18 11:00 PM

Macbook users, cellphone addicts; beware the charger
 
On 13/11/2018 18:08, nospam wrote:
In article ,
RichA wrote:

https://www.bbc.com/news/technology-45139397


that will not work at all on ios devices, and is going to be *very*
difficult on recent macs.

meanwhile, android devices and windows pcs are vulnerable.


On my android phone, by default the USB port will only accept power. You
have to pull up a window and positively enable data transfer.

nospam November 13th 18 11:04 PM

Macbook users, cellphone addicts; beware the charger
 
In article ,
newshound wrote:

On my android phone, by default the USB port will only accept power. You
have to pull up a window and positively enable data transfer.


https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/
³One attendee claimed his phone had USB transfer off and he would be
fine. *When he plugged in, it instantly went into USB transfer mode,²
Markus recalls.* ³He then sheepishly said,* ŒGuess that setting
doesn¹t work.'²

-hh November 14th 18 12:23 AM

Macbook users, cellphone addicts; beware the charger
 
RichA writes:
For all we know, it's already happening. There are MILLIONS of cheap Chinese chargers out there.



Golly, if only someone would work with Amazon to help the latter identify and cut off
their sales of counterfeited OEM-marked products!

-hh

newshound November 14th 18 05:32 PM

Macbook users, cellphone addicts; beware the charger
 
On 13/11/2018 22:04, nospam wrote:
In article ,
newshound wrote:

On my android phone, by default the USB port will only accept power. You
have to pull up a window and positively enable data transfer.


https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/
³One attendee claimed his phone had USB transfer off and he would be
fine. Â*When he plugged in, it instantly went into USB transfer mode,²
Markus recalls.Â* ³He then sheepishly said,Â* Å’Guess that setting
doesn¹t work.'²

OK so that's what the article said. I wonder what sort of cleverness it
is doing if the phone *really did* have the transfer turned off. Was it
perhaps exploiting a bluetooth or wifi vulnerability?

nospam November 14th 18 05:45 PM

Macbook users, cellphone addicts; beware the charger
 
In article ,
newshound wrote:

On my android phone, by default the USB port will only accept power. You
have to pull up a window and positively enable data transfer.


https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/
3One attendee claimed his phone had USB transfer off and he would be
fine. *When he plugged in, it instantly went into USB transfer mode,2
Markus recalls.* 3He then sheepishly said,* ‘Guess that setting
doesn1t work.'2

OK so that's what the article said. I wonder what sort of cleverness it
is doing if the phone *really did* have the transfer turned off. Was it
perhaps exploiting a bluetooth or wifi vulnerability?


it likely used a usb exploit to re-enable it.

accessing data on android devices is relatively easy. for ios devices,
it's basically impossible.

newshound November 14th 18 07:18 PM

Macbook users, cellphone addicts; beware the charger
 
On 14/11/2018 16:45, nospam wrote:
In article ,
newshound wrote:

On my android phone, by default the USB port will only accept power. You
have to pull up a window and positively enable data transfer.

https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/
3One attendee claimed his phone had USB transfer off and he would be
fine. Â*When he plugged in, it instantly went into USB transfer mode,2
Markus recalls.Â* 3He then sheepishly said,Â* ‘Guess that setting
doesn1t work.'2

OK so that's what the article said. I wonder what sort of cleverness it
is doing if the phone *really did* have the transfer turned off. Was it
perhaps exploiting a bluetooth or wifi vulnerability?


it likely used a usb exploit to re-enable it.

accessing data on android devices is relatively easy. for ios devices,
it's basically impossible.

That suggests they are not just accessing data, but a system function
which IMHO is much more serious.

It would be nice to think Google would work quite hard at patching such
vulnerabilities. Life has become far simpler since USB became a standard
for charging all sorts of devices. At a quick count I have well over a
dozen, and I am sure I have forgotten some.

nospam November 14th 18 08:29 PM

Macbook users, cellphone addicts; beware the charger
 
In article ,
newshound wrote:

On my android phone, by default the USB port will only accept power. You
have to pull up a window and positively enable data transfer.

https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/
3One attendee claimed his phone had USB transfer off and he would be
fine. *When he plugged in, it instantly went into USB transfer mode,2
Markus recalls.* 3He then sheepishly said,* ŒGuess that setting
doesn1t work.'2

OK so that's what the article said. I wonder what sort of cleverness it
is doing if the phone *really did* have the transfer turned off. Was it
perhaps exploiting a bluetooth or wifi vulnerability?


it likely used a usb exploit to re-enable it.

accessing data on android devices is relatively easy. for ios devices,
it's basically impossible.

That suggests they are not just accessing data, but a system function
which IMHO is much more serious.


a major problem is that android devices rarely encrypt anything because
it slows things down due to the lack of hardware encryption on most
devices, but even for those that do, encryption is usually disabled.

on ios, everything is encrypted (with hardware), so even if a rogue
device could somehow bypass user confirmation to access the data (which
is required), they still have trillions of years ahead of them to crack
the encryption.

It would be nice to think Google would work quite hard at patching such
vulnerabilities. Life has become far simpler since USB became a standard
for charging all sorts of devices. At a quick count I have well over a
dozen, and I am sure I have forgotten some.


the problem is that android device makers drop software support fairly
quickly (typically a year or two), so whatever patches google might add
may not be available for your existing phone. they hope you buy a
replacement. there's no profit in free updates.

another problem is that android device makers often make things worse
with their own additions to android, sometimes a *lot* worse, such as
this:

https://www.theregister.co.uk/2015/0...ng_fingerprint
s_as_worldreadable_cleartext/
Four FireEye researchers have found a way to steal fingerprints from
Android phones packing biometric sensors such as the Samsung Galaxy
S5 and the HTC One Max.

The team found a forehead-slapping flaw in HTC One Max in which
fingerprints are stored as an image file (dbgraw.bmp) in a open
"world readable" folder.
....
"To make the situation even worse, each time the fingerprint sensor
is used for auth operation, the auth framework will refresh that
fingerprint bitmap to reflect the latest wiped finger," the team says.

"So the attacker can sit in the background and collect the
fingerprint image of every swipe of the victim."

the level of stupidity for something like that to even be considered,
let alone actually implemented and ultimately deployed in a consumer
product is staggering.

unfortunately, nobody gives a **** and the companies are still in
business, still making products, still putting users and their data at
risk.


All times are GMT +1. The time now is 03:49 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
PhotoBanter.com