As a consultant, I travel on a regular basis. When I travel, I usually have multiple devices with me: a personal phone, a work phone, one or more computer, test equipment, and other devices. All of these are power hungry, especially the phones. It is tempting to charge them anywhere I can, but as a security consultant, I have learned that there are dangers lurking in many USB charging stations.

An article today from Brian Krebs, http://krebsonsecurity.com/2016/08/road-warriors-beware-of-video-jacking/, describes a new type of USB-based phone hack using the HD video output capability on many Android phones. This is just the latest article describing different ways to hack phones via the USB connection. While this one is specific to Android phones, Apple and other phones that are charged via a USB connection have their own particular vulnerabilities.

The real lesson from all these different articles is to be careful where you plug in your phone. Make sure you know what and where you are plugging it into and the cable that you are using.

Many airports, restaurants, airplanes, hotel rooms, etc. now have charging units that allow you to plug in your USB cable to charge your device directly without having to use a charging brick. These devices may be totally benign. However, unless you have actually opened them up and determined that there is no extra circuity added to communicate with your phone, you will not know for certain. Some of the connections, like those on airplanes and in cars, are specifically designed to communicate with your phone to interact with media files and other services.

In addition to the power unit you plug your device into, also make sure you know the cable you use. Security researchers have developed cables with embedded circuitry to hack your device as well. http://arstechnica.com/information-technology/2015/01/playing-nsa-hardware-hackers-build-usb-cable-that-can-attack/

I have a few simple things that I recommend from my experience:

  1. Don’t plug your phone into any cable or device that you don’t personally own or know very well.
  2. Look for extra USB power ports in your laptop/tablet charging bricks. For example, the charging brick that comes with the Microsoft Surface tablet has an extra USB charging port built-in.
  3. Get a battery pack to help charge your phone when you are away from AC power. I recommend one that’s at least 10,000 mAh and has at least one 2 Amp charging output. The one I currently use has 16,000 mAh and two 2 Amp outputs, which allows me to charge my phone multiple times and a tablet. While on travel, I charge the battery pack and my phone via AC power in the hotel room at night, then use the battery pack during the day, as needed.
  4. Get a USB data blocking dongle. They connect inline between your cable and the power source. They only have electrical wiring that connects the power pins, not the data pins, so there is no way that the system can communicate with your phone. You can use this type of device when you don’t have a battery pack with you, or when it runs out of power.