Public USB Charging Ports Pose a Greater Risk Than Borrowed Cables, IBM Warns

Author: Qoo Media

Public USB charging stations may pose a more immediate threat to device users than borrowed charging cables. Charles Henderson of IBM Security said USB ports in public spaces can be modified by irresponsible parties.

Unlike an ordinary wall outlet, a USB charging port can carry more than electrical power. That distinction makes public charging facilities a concern for people who connect phones, tablets, or computers while travelling.

Airports and hotels are among the locations where this risk deserves attention. Travellers facing a low battery may choose a public port or accept a cable from another passenger, guest, or unfamiliar person without considering what may be connected to it.

Borrowed Cables Can Also Be Modified

A charging cable that appears ordinary can contain components designed to install malware on a connected device. Such a cable could then provide remote access to the person controlling it.

Henderson is Global Managing Partner and head of X-Force Red at IBM Security. His team conducts authorised hacking tests for clients seeking to identify weaknesses in their computer systems.

According to Henderson, hackers have found ways to place malicious technology inside charging cables. The components can be made small enough for the cable to retain the appearance of a standard accessory.

The cost of producing this technology is also falling, while average consumers have limited ability to identify a dangerous cable. A Malicious Charging Cable may therefore be difficult to distinguish from a normal cable through appearance alone.

Charging Method Main Risk What to Watch For
Borrowed charging cable Malware can be installed to compromise a device Cables from unfamiliar people or parties
Public USB station The USB port may have been modified USB ports in airports and other public places

Demonstration Showed Remote Access Potential

The capabilities of a modified cable were demonstrated at the DEF CON hacking conference in Las Vegas. A hacker known as MG showed a modified iPhone Lightning cable connected between an iPod and a Mac computer.

MG was able to access the cable’s IP address remotely through that setup. The access enabled control over the connected Mac computer.

The demonstration also showed that the malware could be disabled remotely and its traces removed. This could make malicious activity more difficult for a device user to detect.

Henderson said cable-based malware attacks have not become widespread. He described them as more likely to be used against selected targets than deployed randomly against all users.

Even so, the absence of widespread attacks does not eliminate the possibility of future misuse. The continuing decline in production costs may make the technology more accessible while detection remains difficult.

Reducing Exposure While Travelling

The safest approach is to avoid relying on unknown borrowed cables and Public USB Ports when charging devices away from home. Carrying a personal cable reduces the need to connect a device to accessories of uncertain origin.

Users should be cautious about anything plugged into their devices, particularly when those devices contain personal information. Malware introduced through an untrusted connection can create a route for unauthorised access to that data.

Henderson compared charging cables with personal items that are safer to buy new rather than borrow while travelling. The warning reflects a simple precaution: a familiar-looking cable does not always reveal what it contains.

Source: www.cnbcindonesia.com
Latest