Please sign in to post.

Stick to your own phone cables and don’t use the hotels USB ports

That’s what this article is telling me. Most of the article was pretty high-tech, and above my understanding, but it sounds somewhat scary. According to the article, a particular type of cable that looks like any other cable “… can capture keystrokes, steal credentials, exfiltrate data, even plant malware—and there’s nothing needed but the cable itself.”

It also discusses malware that can be planted into public USB ports. I was already aware of that and have avoided using USB ports and airports, but it never occurred to me to think of hotels. So from now on, I’m using my own USB ports that I bring, and will refrain from using the ones in the hotel.

https://www.forbes.com/sites/zakdoffman/2023/12/16/apple-iphone-ipad-and-macbook-users-warned-not-to-use-other-peoples-charging-cables-after-new-update/

Posted by
159 posts

While I did not click on your specific link, I believe this is another in the vein as described below:

https://slate.com/technology/2023/04/free-public-phone-chargers-fbi-warning-bad-actors-threat-bogus-debunked.html

Actually, Charging Your Phone in a Public USB Port Is Fine
Here’s how the FBI, the FCC, and hundreds of news organizations got this one wrong.
BY HEATHER TAL MURPHY
APRIL 13, 20233:40 PM

…hundreds of articles have been written warning the public not to charge cellphones at airport or hotel USB ports. Most of the news items cite a recent tweet from the FBI, which includes the menacing detail that “bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.
….
As it turns out, though,  not only is the scam not increasing, there’s little evidence that it has ever posed a real threat to the general public. And what actually did happen, I found after contacting multiple government agencies, is this: On April 6, someone in the FBI’s field office in Denver decided to resurface an old warning about juice jacking that the Federal Communications Commission had in fact posted to its site—in 2019.

Posted by
2267 posts

David—Thank you! I always appreciate the debunking of paranoid myths*.

*To which I am not immune. I have a USB adapter that is 'power only', the data-transfer functionality purposefully missing. I'll be glad to retire it.

See also: RFID blocking.

Posted by
296 posts

Just to add to that Android phones (and possibly iPhones as well) have a popup warning when you're plugged into a USB port that allows data transfer, asking if you want to allow access to data. You can just click no and continue to charge. I note also that lots of airline seats now offer both data transfer capable ports and charge-only ports.

Posted by
6280 posts

David, if you would have read the article I linked to, you would have seen that the article you linked to is outdated. There is evidently a new upgrade to this type of cable that is allowing more malicious activity.

Scudder, evidently the paranoid myth has not been entirely debunked. Maybe you should read the article too.

Posted by
159 posts

My apologies if there is a real threat. I have seen these type of threats reported over my career (retired software exec) and of course like most of us here I travel extensively-- and routinely use public USBs.

And again, I'm retired so my experience is undoubtedly dated. Ah to be old! But My son is getting his PhD in Comp Sci (security area actually- cryptography). I'll ask him when he gets home if he knows anything about this. In meanwhile safe travels!

Posted by
6280 posts

Thank you, David. I admit, I don’t know a lot about this, but I do trust Forbes, and the article sounds very legitimate. This is evidently a very recent upgrade of the OMG cable and it sounds serious enough. I plan to take precautions. Whether they’re necessary or not, I don’t know, but it’s certainly wouldn’t hurt. In fact, if you google OMG cable, you’ll find a ton of stuff out there warning people about it. And this is stuff written by techies, not bloggers.

Posted by
206 posts

Mardee, thanks for posting the link. The OMG cable (this emoji comes to mind😱) does seem like something Q would come up with for 007.

There was another forum post about not using airport charging stations, was it yours? After reading it, I ordered data blockers from Amazon. They are small, inexpensive and easy enough to add to a tech bag for travel, can’t hurt. I bring my own charging blocks, battery backup power supply, and I don’t trust the airport charging stations. I don’t understand the technology well enough to know whether or not it could be hacked at the airport. Perhaps unlikely? Yet, stranger things have happened.

Also, there could be power surges anywhere so I bring a travel surge protector. Here’s a blog post from Anker about bringing power strips when traveling.
I like their tech devices and quality.

I remember the videos showing thieves stealing people’s credit card data using devices that could be blocked with a homemade sleeve of duct tape and foil, if the victims only knew they were at risk. Then came the RFID blocking wallets, to thwart thieves.

I also read David’s posted article link. I will be interested to know what your son has to say about it.

Fear is a bad thing but it’s important to be aware. “Travel safe” has several meanings…

Posted by
14956 posts

I read the article.

Basically, there is a new OMG cable that can be programmed to extract data from your phone when using a USB port that has malware.

If the port alone is malicious, and you don't have one of these new cables, you should be okay.

Buying a cable from Amazon, or a store, will not give you a programmed cable. They are mostly found as free giveaways you might find at a conference or in some hotel rooms. Again, they have to be pre-programmed to do the nasty. (Yes, these new cables have mini computers built in.)

I rarely use hotel or airport USB ports mostly because they are very slow. When they are working.

There was one paragraph I found interesting:

Should you worry about the cables lying around at home or at work—almost certainly not. But I’d think twice for many reasons before plugging in give-away cables and more obviously USB sticks into any device I owned.

Posted by
6350 posts

A good way to protect your phone is to buy a USB data blocker, they are pretty cheap.

Posted by
6280 posts

Thanks, all! Good advice. I just realized also, that this article applies to Apple device users, which makes me think Simon's info about the popup warning only reflects Android users. I know I've never seen such a warning on my iPhone (which is a shame).

Posted by
628 posts

I read the article and just do not see the need for panic. Most folks are not going to be the targets for the sort of bad actors that may employ such materials. You're more likely the target of phishing campaigns and other similar social engineering attacks that work without the need for specialized tools or pre-positioning of tools.

On the otherhand if you're the sort that would use a USB drive that you found, or drives or cables passed out as swag at conferences, be concerned. That stuff should just hit the trash. You don't know the specifications or where they came from. And USB charging? Why? That takes too long and I can charge in minutes on a 45w charger.