The Danger Lurking at Public Charging Stations
General Douglas MacArthur once said “There is no security on this earth; there is only opportunity.” In most things I agree with this sentiment, but there is one glaring exception. Charging my cell phone or tablet should be secure and shouldn’t be an opportunity for anyone. At the very least, it shouldn’t be an opportunity for a thief to capture my personal information, install a virus on my device or otherwise add drama to my life!
I travel for business. A lot. A real lot. Over the course of my career I’ve logged over 1500 nights in hotels, well over 1000 commercial flights totaling near 2 million miles. I’ve enjoyed uncounted stops in coffee shops, restaurants and businesses all over the world to check on email, catch up on work and recharge my draining batteries. In fact, as I write this, I’m sitting in an airport with my cell phone plugged into a convenient USB charging port. Plugging into a charger that’s not yours is something that should scream SECURITY!
Imagine breaking into a bank with nothing more than a USB drive containing 100 lines of simple code. It happened! Almost any device with a USB port is at risk of compromise. It’s the nature of USB to be, well… universal. It’s supposed to be easy to use. And it’s this ease of use that allows malevolent code, like BadUSB, to find its way onto devices. You don’t need to plug a USB drive into a device for it to be hacked. That computer virus or key-stroke logger can just as easily be spoofed into a public USB charging port! Perhaps the best security precaution you can take is to never plug your cell phone or tablet into a charger that you don’t own – unless you actually want the bad guys to own your data! Windows, Android or Apple, it really doesn’t matter. They’re all at risk!
The ubiquity of the universal serial bus is the culprit here. USB is a wonderful system. It’s elegant, simple, robust and dependable. Depending on the device, there are only a few variations of the connection. A typical USB 2.0 port on a computer, printer or other device has just four electrical connections. There’s a differential pair to carry the data payload. Additionally, there’s a ground and voltage positive supply for charging and power duties. USB 3.0 connections, such as those on more advanced laptops and some smartphones, use an additional two pairs of wire for increased payload bandwidth – up to 5Gbps for SuperSpeed performance. Regardless of the device’s use of USB 1.1, 2.0 or 3.0 protocols, power is still delivered by a simple pair of copper conductors.
Most USB cables, such as the one that came with your phone, are designed to make ALL the connections. That is to say that they have four pins for the differential data, voltage and ground. Some may have five pins; the aforementioned quad plus and additional pin for the serial data used in MHL and USB OtG applications. In the case of a USB 3.0 connection (think Samsung), there are nine pins, but still only two are used for power. The same two as every other USB system, save USB Type-C. The cables are intended to support any typical use of the device. Typically, these include charging, files transfers, and streaming data output. But having connections to the differential data pair is where the hack can happen. You really only need the voltage wires to get a charge.
What if a company were to recognize this fact? Well then they could build a perfect cable for the user on the go. With no data connection, there is no danger of the device being hacked. Simple and clean!
Legrand has done exactly this. The Legrand USB Charging Cable is a super thin, inexpensive and totally safe way to connect your USB powered device to any port, any time and any place without worrying about being hacked. Go ahead, use that USB charging station at the bus stop or airport! We’ve got your back and you won’t get hacked! We’ve even made a version with two outputs to protect your smartphone and tablet for simultaneous charging.