Sometimes we depend on a mobile device to work, travel or pay and the battery can play a trick on us, so much so that finding a USB charging connection may seem like salvation. But connecting our device to a public USB may not be the best .
The ideal is to carry an external battery that can at least give us enough charge to have autonomy to be able to charge the phone from a socket or a USB of confidence. But when it is not like that and it is an urgent situation, our only way out is to pull one of these ports that we sometimes find in means of transport or public places . Worse remedy than disease?
The external battery, a friend more faithful than it seems
The lack of security around these ports has been questioned for years. Last year Kaspersky resumed a 2014 experiment in which the possible malwareinfection of a smartphone was raised by connecting it to a USB charging port, proving that information could be obtained from it, whether it was iOS or Android .
They made allusion to what is called handshake or “handshake”. That is, the technique by which a USB port is used for the phone to transfer information to a unit through a standard USB cable. Information such as personal and telephone data (system information, components, etc.), depending on the hack and the connection time.
For these conclusions, from the antivirus company established a series and warnings:
- Use only trusted USB ports .
- Protect the mobile device with a password and do not unlock it while charging.
- Use resources and encryption technologies that protect data, isolating sensitive information.
- Keep computers clean of malware .
Speaking of this report, in Telegraph they linked with the risks that the connection to public Wi-Fi networks that we saw in depth here can havegiven that in both cases what we allow is that we have access to our information .
But not only those of Kaspersky have wanted to warn of the risks involved in resorting to an unknown USB. Drew Paik, an expert in security of Authentic8, spoke on CNN of these dangers clarifying that if one of these ports is breached by a hacker, ” there is no limit in the information that it can take”.
Taking juice out of the connections hack
Paik himself talked about juice jacking, an expression that was coined in 2011 to talk about the copying of data and file without consent and indiscriminately . On this the expert specified that personal data such as email, photos, messages and contacts can be obtained.
Something that also alluded in the New York Times when talking about the risk of using the USB of rental cars . In this case it was not a security company, but the Federal Trade Commission of the United States (FTC) which recommended that these ports were not used or even Bluetooth.
Rather than direct risks or hacks, what the commission explained was that since connecting the device to enjoy certain functions (hands-free, etc.) the car keeps data such as the phone number, it was worth being cautious with it in front of when the car was left. Hence, the first thing they remembered was that when the use of the rental car ended, we would drop all of our system data.
In addition to this, the FTC advises the following:
- Avoid using the loading ports . It is safer to use an adapter for the lighter (since USB may involve automatic data transfer).
- Pay attention to the permissions we give when connecting the mobile device to the car. Sometimes the software incorporated in the car shows a screen in which you can specify what information you want to share with the system, as it happens with many of the apps that are installed on the mobile.
- Clear our data before returning the car.
The precaution never hurts
As always, in technology that “made the law, made the trap” does not take long and can be generally cautious (without either obsessing and falling into disinformation). We saw for example that it was not too complicated to spy conversations or the possibility of hacking the voice assistant with a fairly simple tactic and technology (with certain knowledge provided, of course).
The basic thing is to have control of exposure and permits . It is clear that the most effective solution so that a piece of data does not leak is, obviously, not to share it. But when we have to do it because the passage through electronics is inevitable due to our circumstances, what remains is to be cautious about which networks are used, the systems and what permits we give, for example to the applications that we install.
When it comes to the use of public USB, they do not have to be corrupted. But it will always be safer to pull our own external battery or use a USB cable that does not have the parts that are necessary to transmit data (that is, only charge, since as we saw here carry cables for power and transfer) , as Paik of Authentic8 warned.