Because the NSA hasn't proven that they're willing to go through nearly unimaginable lengths to procure any and all data that they can get their hands on.
NSA hires hacker to install monitoring devices on all the samsung charging stations at O'Hare airport? Not out o the realm of possibility.
Six months ago, I would have called a comment like mine a little too tin foil hat, but not today.
Boston Logan airport has certain benches dedicated to power charging, and for the most part they all have two power sockets and two dedicated USB charging ports.
I've also seen dedicated cell phone charging stations at other airports that have USB charging ports alone.
USB-only chargers in airports definitely exist, and are sometimes fought over in busier airports.
Newer/remodeled hotels and airports are full of these things now. They don't exactly jump out at you, they would be easy enough to miss.
AFAIK these things are just dumb voltage sources, they don't have any USB controllers that could be hacked. At least, the ones you and I can buy don't. But there isn't, in principle, any reason why they couldn't have such controllers, either.
Dreamliner has USB sockets for charging. I think you can also load media over them, but it might be iPod/iPhone only. (That's lame, but he Dreamliner has the best in-flight entertainment system I've ever seen; I usually shut them off, but they had enough Pink Floyd in the on-demand library for take-off and landing, which was nice.)
Last time that I flew SouthWest, they had specific "charging seats" (that had power outlets and USB sockets for charging) in their terminal. (Note: this was maybe 2008 ~ 2009)
It's actually very serious. Just like ATMs, power stations can look completely harmless while being incredibly dangerous under the surface. Once you connect to a system via USB, it automatically allows data transfer, which makes your smartphone vulnerable to malware and data theft.
I can't speak for Android, but iOS 7 now has an automatic warning when you connect to new devices that asks if it should be trusted, presumably to mitigate this risk. However, I doubt anything less than a full hardware solution can actually eliminate the risk entirely.
There's a reason why conferences like DefCon warn you explicitly not to use power stations or ATMs nearby - they can be hijacked very easily.
Well, you should assume that everything out there would be malicious, and work from _that_; if you go to DefCon specifically, this is a reasonable expectation.
New-ish Androids pop up a "USB connected, do you want to use this" prompt as well; but many devices (esp. embedded ones) don't.
For most casual personal computing, anyone reasonably smart being after you already means you lost. If they also know your own software better and have a big computer, you never had a chance.
Exploits like this have actually happened already against Android at conferences. Developers particularly almost always have the Android Debug Bridge (ADB) enabled on their phone. Then someone made fake USB charging stations that used ADB to pull all the files...
Couldn't you spoof a computer fingerprint? The hard part would be figuring out which computers are trusted, of course. Perhaps there is a timing attack that can be performed to find out.
Of course, attaching a USB condom when your coworker agrees to let you use their computer to charge is an implication that one of both of you has a "slutty" device.
After all, you never hear of a phone committing to just one outlet.
And consider how many people indiscriminately hookup with anonymous base stations at airports... That "Free Public Wifi" SSID is still being passed around.[^1]
Such devices are supposedly in the wild; although actually meeting one at random would be pretty rare (as most of the usages seem to be spear-phishing: operations targetted to acquire data from specific people).
This is a real concern. All phones are suceptible to malicious programs being injected via usb plug. Basically can make your phone into a bot for a botnet. It's like windows 98 all over again.
Perhaps you should, though. I mean, sure, normally you don't need to worry about it; but given how much personal data is being stored on our phones these days, and how easy this sort of attack would be (stick a charger in an airport that actually slurps up the data of anyone who uses it), it's definitely something to think about.
1. The data lines can be very important in regulating power output for different devices, and there are different maximums for different versions of USB. Some devices require data communication to charge. Some require proprietary protocols. Implementing Apple product charging is somewhat convoluted, for example, and has changed over time.
2. A friend of mine is a computer engineer, and tells me that correctly implementing USB in hardware is incredibly difficult. It's possible that devices like these might be skimping on parts of the spec to more easily get a working product out the door.
I used to design these things. Yes they are difficult to design in the sense of RF engineering to pump that much data on a data line, but the power end of it is a very simplest design. It has a current cap to prevent damage to the regulator circuit and USB regular spec is 0.5A. Which isn't very much if you've ever tried to charge a phone off of that. Without the inner pins it'll default to the low spec (on a well design USB Host) but no damage or risk to having those inner pins float since they have internal pull up resistors. If the device decides to provide more all the better for you as your device is what regulates how much current it wants when an infinite amount is available.
>If the device decides to provide more all the better for you as your device is what regulates how much current it wants when an infinite amount is available.
If the host is capable of providing more power like 2.1A for example, how is that supposed to be signaled to the phone when the data lines are floating high? The way a USB charger that provides more current than the USB spec works is by pulling the data lines either to some voltage or shorting them together or to ground. Either way you need the data lines to negotiate that.
Yeah there's normally a negotiation via pins being grounded or through the level of resistance on that pull up which tells the device what spec is being used. That goes on to tell the device how much power it can pull without causing a power droop. If the pins are missing most devices won't try to pull more, like my phone won't... but I have a cheap external USB HDD enclosure that will pull what ever it needs from the line regardless of the pin setup. Most Mother Boards actually put out 1-2A on those lines so I can run the thing as normal, but the drive comes with this add on extension to hook it up to two USB lines to get around the 0.5A limit.
Or if you have a "nice" device like an Apple product, the voltages/resistances on the data lines will determine your charging speed. And then there's USB dedicated charging spec ports, like the ones that can put out 2100mA, but that's luckily out of scope of this device...
The "condom" can be designed to be transparent with regard to one or more kind of power negotiation, though this would require a microcontroller, and possibly some analog circuicity for proprietary resistance-based negotiations.
A microcontroller actively doing the current negotiation would be nice (for things like working at the maximum power of both android and apple chargers) but a much simpler and dirt cheap solution would be to hook the data lines up so that they go through a simple filter that filters out everything other than the DC bias so power negotiation would work normally for chargers but no data could cross the cable.
> Implementing Apple product charging is somewhat convoluted, for example, and has changed over time.
If that and other things you claim are real issues then, every dumb usb power brick, every old computer/old charger, every non-apple charger, and others would all have problems.
I think they are referring to the higher power ipad charging that pushes more amps down the line than the spec calls for. There is some kind of trigger used to tell the charger to send more juice. This device will probably cause that to not work. So, an ipad on this would only charger at the standard/lower rate.
The trigger is just grounding the two inner data pins together. This is ok since the data pins are loose pull up so even if the device tries to send data on something with those shorted no damage will occur.
Right, but my point is that this device won't work with those 'high current' charging devices (at the high current, it will only will only send the standard amps). Unless they included the logic to test this, which, I suppose, is possible.
I have created my own battery usb charger (it takes d batteries and gives a usb port). I simply placed a resistor to a data line and that was it. I understand the idea of power negotiation, but felt like it was way more work than it was worth. I didnt need any complicated circuitry; just a battery, resistors, a couple of wires, and a small dc-boost circuit (to drain the batteries as much as possible).
Even easier, although not as nice-looking: get a common off-the shelf USB Y-cable, plug the power-only male into computer, plug phone into female outlet; done. See e.g. http://easyshop.kiev.ua/images/shnuri/shnuri/Usb-y-power-cab... for an illustration what the cable looks like.
(I have been doing this to charge my phone, as even the USB mount dialog confuses some apps)
There are actually charging only USB cables out there as well. Heck, I suspect the cable that came with the Chromecast is one, just to save money on data lines that would never be used.
but why buy another cable, with all the fumbling and whoops I used the wrong cable, when you can buy something that you permanently "by default" keep on the end of the cable that you already have, and take off when you're ready to use the cable for serious.
Basically, it's a USB extender cable, with an extra pair of power wires soldered on and terminated in a USB male header - the original use is for power-hungry disks, where you'd plug both the male headers into the computer, increasing the available power (as USB 2.0 can only give 500 mA through a single port, per spec), at the cost of hogging two USB ports. It can be re-used as a USB condom as well.
For those who didn't click through everything: This devices is an adapter that cuts the data lines for a USB connection.
Such a device will most probably restrict the device (if it properly implements charging) to a maximum charging current of 100mA. The data lines are used for identifying the maximum current allowed.
Or implement other identification mechanisms that exist or might evolve. Yes. But in the same run, that might take too much from the port you plug it in mistakingly. If you don't trust the port, you will often not even know what it is. It's probably safe to assume it will indeed give you 500mA (when it's in the device or a powered hub). What about the 1500mA ones?
That said, if one desperately needs to charge a battery, one is likely to take even 100mA. Cutting two lines of a cable doesn't seem that hard and ugly compared to a un-encased PCB, though.
How much do they cost? They're sold out now so they don't list the price. Does anybody know how much they run? Seems like a really good idea to me, there are lots of known USB hacks for phones and somebody smart could probably find away to get the trojan back up on to the person's primary computer.
Nifty idea. If you want to make it even better, have it simulate the iPhone/iPad charger ID circuitry so that I can charge my iPad off any old USB charger (provided it's rated high enough).
Edit: Actually, scratch that. Leave the data lines connected, but "short" them to the V- line (or shroud, should hopefully be the same thing) with a small capacitor to act as a low-pass filter. I don't have the specs in front of me, but it should be easy enough to filter > 1Mhz down by 3dB and still keep the DC "slew rate" enough to properly ID a charger.
This is how this USB condom should have been made while making sure to use two separate capacitors instead of just shorting the data lines together. The only problem with this approach is that it's physically possible to make a special USB host that pumps enough current down the data lines to fill up that tiny capacitor every cycle. Might want to throw in an inductor for the extra paranoid.
It depends on the size of the capacitor. And even with smaller capacitors, any device which is capable of producing a signal strong enough to overcome even a simple passive 3dB filter well enough to get through the USB handshake, let alone actual device operation, would almost certainly be quite large as compared to a regular charger.
Adding an inductor would screw with things, but if we're being really paranoid here, active circuits can measure the resonant frequency of the line and overcome it. Or, even if we're not being paranoid, you've now given someone a nice RCL trampoline to bounce a nice high current into your phone's USB data lines.
There are a few ways to protect against all of that if you want to be really paranoid. To start, you could go with a higher order active filter built from a cheap op-amp circuit.
More complex varieties could include the use of a tiny 8-bit uC programmed to control a digital pot on the protected side, and an optoisolator somewhere in there just in case there's some weird failure mode which causes a signal path to short from protected to unprotected. The benefit of something like this would be that the controller could also control a light or buzzer to alert the user when a signal is detected on the "unprotected" side.
Cheapest and most reliable might be to pump the output of a simple RC high-pass filter into a simple RC low-pass filter (translates to DC bias) then feed that to a comparator which latches the signal lines open (and sounds an alarm) if signal is detected. Or better yet, make it normally open and close only when signal isn't detected.
When I feel my batteries are low, I like to get my juice flowing by plugging in to the nearest socket available. Sometimes, I even get a surface to sleep on, and when that happens, often I get to load up on media. Sometimes when the media's done there's some funny business. Occasionally, I even get a special powerup for breakfast. There's nothing like waking up in the morning after a new encounter, wealthier for the memories, fully charged and ready to go. - Anonymous mobile device, 50 Bistreams of "Hey!"
Because you don't know that you can just cut the data wires in a cheap USB cable, and want to be 'protected' by a cool hipster toy that'll sit in your laptop/phone baggie until you're at some party and can shout in triump when someone plugs in their phone 'just to charge': "NO, USE MY USB CONDOM!!"
EDIT: if this thing actually had some diagnostic LED's that would show you that the 'power port' was trying to do something nefarious on the data lines, it'd be a lot more useful than an ultra-cheap snipped cable imho ..
Sure. The advantage of this is you don't have to cut open one of your cables, you can easily (and visibly) decide whether you want the data pins connected or not and this works for any USB device, ie. USB micro as well as Apple and other proprietary connectors.
Everyone wants to reduce their risk, but not everyone wants (or is competent) to do surgery on a cable or terminator. And if you have a custom cable you like or a weird charge port on your device, you'll just want something you can interpose rather than a whole separate system.
Recently, it comes to light that those handling the Snowden files are using air-gapped computers and passing encrypted data to the outside world via ... USB sticks.
Can't USB sticks execute arbitrary code? Couldn't an attacker infiltrate the publically accessible computers that these people use and put a data-stealing trojan onto USB sticks used to bridge the air-gap?
Do other media that most computers accept these days e.g. sd cards support arbitrary code execution too? How can you get around this?
EDIT: it was DMA attacks that I was thinking off, and USB seems free of them at least. I guess, if you trust the robustness of your USB stack against exploit, that USB is a fairly safe bet. As these very people are reading the NSA secrets, one wonders what'd happen if they discovered some hint that that NSA could do precisely that - exploit via USB plugging in.
Can very much recommend this talk. Spoiler: you can differentiate an operating system booting from e.g. a forensic device doing a backup, by looking at the access patterns.
Also note that the USB spec is rather complex, and some parts of it will be invariably implemented in software. Often in very high-privileged C code. As such, it is likely to contain critical errors. Heres one for the PlayStation 3 that emulates some garbage on a USB port to get fully privileged code execution:
A USB stick could be anything, but if it is simply a proper USB mass storage device, it, by itself, can not execute code on the host machine.
To execute code on the host machine, either the host machine has to be stupid (like many Windows versions that try to automatically execute code from plugged-in devices without user interaction) or the device has to be malicious, trying to exploit weaknesses in the host machine.
----
Now, for the files being put on these sticks, there are probably many opportunities to inject a trojan.
It's an OS issue, not a medium issue. That is, any storage medium is a risk.
USB is particularly interesting because a single USB device can turn into a hub or a completely different device at runtime. So you can have a USB flash drive suddenly become say a keyboard and start typing stuff in.
The USB stick would have to exploit some vulnerability in the handshake process to run attack code on the host. In order to prevent that, you'd need a "USB sanitizer" that proxies the communications over the data lines and prevents any traffic that it deems unsafe.
This device, off course, can also be the target of an attack.
It was an old Windows problem that it automatically executed code on mounted media devices. But I hope this was fixed on Windows in the meantime and other OS don’t have this problem.
It's deeper than that. You're plugging a device into your system's bus, the attack surface is huge for that device to steal or modify your data. USB device is a very different beast than CD.
Most applications & the OS require you to type in your old password correctly at the time before allowing you to change it. I don't see how a usb-stick which pretends to be a keyboard could do that.
It doesn't - therefore, a to-spec USB2.0 host should not give more than 100mA over the condom, but good luck finding such a beast (most hosts will happily serve 500 mA w/o negotiation).
Nitpick: It's current negotiation, not voltage negotiation. As for voltage - 5V is universal with USB.
And as for current - I wrote about the matter in another reply to the OP: The problem will be a well-behaved USB device simply won't take more than 100mA. I.e. it will use the "flat" charging curve, even if the host could deliver more.
Nitpick for interest's sake: apparently there's a new (2012) 'USB Power Delivery' spec[1] which specifies two new voltage levels (12V & 20V) in addition to 5V, with higher current limits (2A at 5V, 3A at 12V or 20V for microUSB connectors). Obviously both ends (and the cable) have to support it; I don't know if anything actually does yet.
Pedantry: That should be obvious from the units, wouldn't it? (Volts for voltage, amperes for current, ohms for resistance) I do agree that the general public uses these interchangeably, bringing confusion :)
As for a well-behaved device - there aren't very many of those, either. Fortunately, this is less of a problem with USB3 - more devices follow the spec closely.
Interesting. But I'm looking for the opposite. I often have to access my phone, kindle, whatever data, but do not want to charge it. But I guess the usb controller will not accept a data-only connection.
Great idea and cute name, but why would you market this on Friday when you won't be taking orders until at least Monday? Seems to me you just lost out on a bunch of sales by showing it off early because it likely won't make the front page again on Monday.
This reminds me of when vendors at tradeshows used to sell "floppy disk condoms" as novelty items. I think there was also at least one transparent keyboard cover billed as a "keyboard condom".
Love the humor, usbcondoms crew! Another one I hope you find a place for in the future: "In the dark, all cats are gray" -- Benjamin Franklin. Yes, really.
the USB Condoms nomenclature is likely the reason it is getting exposure. For a first run, I'd say it was definitely successful considering its sold out. But you're right, retail would probably suggest a name change.
Well, like everything else .. Marketers are betting on the laziness of people.
Why tell someone he can lose weight by working out and eating less, when you can sell them a pill that makes them lose weight while they sleep and get abs in 7 minutes?
Why learn programming in several years, when you can "learn programming in three days".
Why tell people to be cautious with their data, not to click on everything, when you can sell them a "condom" that enables them to remain reckless and careless and lazy ?
Some attacks do not depend on user interaction ("clicking"); plugging the device in might be sufficient. Thus, hardware air-gap becomes necessary.
(of course, this just shifts the problem around: now you need to trust the "usb condom"; but given its simplicity, it should be much harder to put anything nefarious there)
[1] http://int3.cc/collections/frontpage/products/usbcondoms