Maybe you have heard of usb condoms? It's a usb-c to usb or vice versa adapter where you modify it by removing the data wires which are on the sides. Then there is only power. Why don't the charger manufacturers do this themselves and remove the data wires if there is no purpose for them? It creates an unnecessary security risk by having the data wires.
What are your opinions on this? How do you approach this security threat? Or do you not do anything about it at all?
I don’t want a bunch of broken fake USB-C cables lying around that work for slow charging only and will totally fail when used with my mouse, keyboard, running an external display, etc. I get these kinds of USB-C cables from time to time in boxes with mediocre gadgets and throw them out! Anker’s whole brand was originally based on testing USB cables to weed out the broken ones after all.
What is the threat model here anyways? My approach to security when charging my devices is:
1. Use my own charger and cable
I am not worried about my power supply brick getting pwned by a rootkit delivered via the airplane’s AC power mains and then that pivoting to my laptop.
So is the threat that my power brick got pwned on its way from the factory to me?
I taught them the trick about feeling the cable stiffness, I showed them a type-c cable without data vs one with data vs thunderbolt3 type-c. They just couldn't understand why it wasn't working until I showed them there was a physical and tactile difference in the cables.
The problem with stiffness etc is that there is already a lot of variability on usb-c cables, though there could definitely be something there that I just did not notice.
Personally I have come across no-data usb cables which I hated, but I see no reason to carry such a cable with me and then carry extra usb cables for data transfer. I am happy enough that the multiple cable problem is mostly solved and I still remember and by no means miss the days that I had to carry a separate charger and associated cable for each device, plus possibly other cables to connect stuff together.
Some USB condoms include a chip to do this negotiation (with the other device) for you - but you still have to trust the chip.
You may very well have experienced this with a very basic USB cable (with just the power lines) - people call them cheap or bad quality, but because of the lack of data lines - only 7.5W can be delivered.
"A power-only receptacle Upstream-Facing-Port might only have VBus, GND, and CC pins populated, because they do not need the data transfer capabilities" source: https://acroname.com/blog/breakdown-all-power-delivery-types...
Per the USB 3.1 power delivery spec [0] all communications related to power delivery occurs over the CC wire (with roles chosen according to Vconn), the data wires are not involved.
[0] https://www.usb.org/sites/default/files/USB%20PD%20R3.1%20V1...
You may want to charge without a data-wire, or use a cable with a correct power-negotiation chip if you don't know/trust the source (eg a charging nook in a library/school/bar/airport.. anywhere public). Some devices are very trusting of power sources, or have been (security is improving, modern phones require unlock before they even acknowledge they accept/send data).
Right, and what communities are those, exactly?
All of those people may not be up to date, or you may be seeing old discussions.
I believe they adapt charging speed to available power in some cases. Without the data pin, what if you wanted to make a car charger, but the cigarette lighter couldn't support enough current for a full power charger? Or what if you wanted an ultra portable charger?
It's a useful feature for a pretty small extra risk.
Second, the same risk applies to every other device. Even if we eliminated charger docks and smart charging, we’d still have keyboards, mice, network adapters, storage, MFA tokens, etc. to worry about and that’s why your computer doesn’t blindly trust every device you connect any more. In 2004 you probably could have caused problems by presenting as a storage device with an auto run installer but now all you’re going to get are prompts.
It's kind of like the magic aura-of-intoxication of fentanyl, only juice jacking is a technically possible and demonstrated capability that approximately never happens in the wild, while magic fentanyl actually is sheer fantasy. But both propagate as ideas by the same mechanism.
I charge my laptops with the charger from the manufacturer, where the data cables are used to control voltage and wattage; or from a docking station from the manufacturer. If Apple / Dell are trying to hack me, well, I'm screwed!
I charge my phone with my own charger (wall) and wireless stand that I bought from the manufacturer. If I want to travel light, I charge it with my laptop charger. (Thanks to USB C) Again, I don't think Apple / Dell are trying to hack me.
Other devices are charged with chargers I bought on Amazon. I haven't taken them apart, but I don't think they have some hidden 5G chip that's being used to hack me.
If you're worried about security, _carry your own charger_ instead of plugging into random public USB ports.
---
But, I want to point something out about security: At some point you have to trust someone. If you're nervous, I would stick to a set of chargers that you screen carefully, and carry them with you.
* The laptop supports one or more power supplies, but with different current ratings, and the laptop needs to know how much it can safely draw. (This can be done with passives)
* The charger has dynamic power availability, possibly because it charges multiple devices, and the amount of power available varies with other factors, such as temperature.
* The charger has various output modes available, only some of which align with the device to be charged. Therefore, the two devices must negotiate a common set of parameters.
On the note of USB Condoms, they only interrupt the data lines, USB's power negotiation (nowadays) mostly happens on the power line itself. Though usually, the device's OS (if it has one) has limited/no visibility to this, and a dedicated port controller handles this interaction, possibly passing higher-level information to the rest of the device.
There are some things that can be done to reduce the threat surface:
* Build the protocol parser as a FSM.
* Formal methods for critical systems.
* Severely restrict the expressiveness of the protocol, particularly any variable-length fields.
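Added example, not part of the thread: a sketch of the "parser as an FSM with no open-ended lengths" idea from the list above, written for a hypothetical toy charger frame format. The frame layout, the names and the XOR checksum are assumptions made for illustration and are not USB PD.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical toy frame (NOT USB PD): A5 | type | n | n x 16-bit mV | xor */
enum { MAX_OPTS = 4 };
typedef enum { S_SOF, S_TYPE, S_COUNT, S_HI, S_LO, S_CSUM, S_DONE, S_ERR } state_t;
typedef struct {
    state_t st;
    uint8_t type, n, idx, xsum;
    uint16_t mv[MAX_OPTS];   /* fixed storage, never sized from input */
} parser_t;

/* One transition per input byte; any unexpected byte leads to S_ERR. */
static state_t feed(parser_t *p, uint8_t b)
{
    switch (p->st) {
    case S_SOF:   p->st = (b == 0xA5) ? S_TYPE : S_ERR; break;
    case S_TYPE:  p->type = b; p->st = (b == 1 || b == 2) ? S_COUNT : S_ERR; break;
    case S_COUNT: p->n = b; p->idx = 0;
                  p->st = (b >= 1 && b <= MAX_OPTS) ? S_HI : S_ERR; break;
    case S_HI:    p->mv[p->idx] = (uint16_t)(b << 8); p->st = S_LO; break;
    case S_LO:    p->mv[p->idx] |= b;
                  p->st = (++p->idx == p->n) ? S_CSUM : S_HI; break;
    case S_CSUM:  p->st = (b == p->xsum) ? S_DONE : S_ERR; return p->st;
    default:      p->st = S_ERR; break;  /* input after DONE or ERR */
    }
    p->xsum ^= b;            /* running XOR of every byte before the checksum */
    return p->st;
}

/* Returns 0 and fills *out only if buf is exactly one valid frame. */
int parse_frame(const uint8_t *buf, size_t len, parser_t *out)
{
    parser_t p = { .st = S_SOF };
    for (size_t i = 0; i < len; i++)
        if (feed(&p, buf[i]) == S_ERR)
            return -1;
    if (p.st != S_DONE) return -1;   /* truncated frame */
    *out = p;
    return 0;
}
int main(void)
{
    /* constructed sample: type 2, two options (5000 mV, 9000 mV) */
    const uint8_t f[] = { 0xA5, 0x02, 0x02, 0x13, 0x88, 0x23, 0x28, 0x35 };
    parser_t r;
    printf("%d\n", parse_frame(f, sizeof f, &r));
    return 0;
}
```

The only length-like field is the option count, and it is checked against a compile-time bound before any byte is stored, so a hostile peer cannot steer the parser outside its fixed buffer.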
Charging cables have data wires because then they can be used as data cables, meaning you can pull the end out of the charger and plug it into some other device, since the USB-C port on the laptop that accepts charge is certain to be a dual-role port. If charging cables didn’t have data wires, you’d have to swap cables in this use case.
> Why don’t the charger manufacturers do this themselves and remove the data wires if there is no purpose for them? It creates an unnecessary security risk by having the data wires.
Because then everyone would have to buy additional USB-C data cables, and then (because it is more convenient) they’d use those with the charger anyway, and the only product would be more e-waste. I mean, the charger already is probably going to last much longer than the supplied cable, and eventually people are going to be using a separate cable with it, using a useless-for-other-purposes cable just accelerates that.
And the security risk is from untrusted chargers. For the charger manufacturer, their charger isn’t untrusted. If the buyer doesn’t trust them, they won’t trust them to supply a safe cable whether or not they actually do, so it's not even a useful “secure” sales gimmick. If someone has security concerns about the charger manufacturer, they’ll get a power-only cable from a trusted party and use that, there is no benefit to anyone from the charger manufacturer providing a power-only cable except, I guess, for customers for whom the charger manufacturer is a trusted party, who want a cable they can use with the original charger and also when they are charging from untrusted other chargers on the road, but compared to people who are better served by dual use cables and people who will use a separately-acquired “safe” cable with any charger, that’s going to be a very small audience.
That you are correct. It creates no small security risk (as does the overly-chatty relation between batteries and function boards nowadays)
(I am not sure you could produce a battery bomb without a separate back-signal to detonate it)
USB was never a very far-sighted show. It's undergone so many revisions to squeeze more transfer of power and data out of it than is good.
There are analogue methods. Current sensing and current limiting circuits are ancient. You can build really sophisticated power supply designs that match supply and sense problems. You can even encode data as a side channel on the power lines themselves. But that would be more expensive and since the separate data lines were already there few designers thought to prioritise security over simplicity and cost.
The security issue isn’t that there are separate data lines, it’s that there’s a data communication channel between charger and device.
So, encoding data as a side channel won’t fix the security issue.
Yes, you can only eliminate the security issue by eliminating the functionality requiring communication.
You can, however, mitigate the security issue and narrow the range of potential attacks by having a dedicated-purpose channel that only is connected to capabilities related to the functionality for which it exists. Security is always a balancing act of how to mitigate the risk associated with desired functionality; shedding functionality is only the optimal solution where the risk outweighs the benefits of the functionality.
USB-C PD standard basically does this (well, on a side channel compared to the main data lines, at any rate.)
> But that would be more expensive and since the separate data lines were already there few designers thought to prioritise security over simplicity and cost.
Pretty sure that the pre-USB-C quick charging non-standard implementations that used existing data lines didn’t do so because it was cheaper to build but because it was more useful for users to not have to have special, incompatible cables for charging.
The security risk emerges from the fact that the charger might be a usb/thunderbolt device, exploit those interfaces and exfiltrate data from your system. It's absolutely feasible to build such devices, the only hard part is the exploit.
The main reason a data connection of some kind is necessary, is because it allows for universal chargers (the U in USB means "universal", after all). The same charger can be used for a laptop charging at 36V and 5A (https://frame.work/blog/framework-laptop-16-deep-dive---180w...), and a phone which cannot tolerate anything above 5V and needs less than 3A. Even old "barrel plug" laptop chargers often already had some kind of data connection (for instance, old Dell chargers, which output a fixed 19V, could tell the laptop whether they are a 65W or a 95W charger, you can see it on the BIOS screen).
And for compatibility, the USB 2.0 wires (the negotiation described above happens on the separate CC wire) are also necessary. The way old USB-A phone chargers told the phone (which usually had a micro-B plug) they're a charger was through the USB 2.0 wires. The standard way of doing that is shorting both USB 2.0 wires together, but there are proprietary alternatives which do something else with these wires. A USB-C charger can charge these old phones through either a USB-C to micro-B adapter together with a USB-C cable, or a USB-C to micro-B cable.
> How do you approach this security threat? Or do you not do anything about it at all?
Frankly speaking, the security threat I'm more worried about is a low-quality or damaged charger accidentally putting unfiltered 127V AC into the USB port. The best way to protect against that threat, which also protects against the "charger is a malicious USB data device" threat you're worried about, is to carry and use only your own high-quality charger, together with a portable surge suppressor (which has a MOV with a fuse).
I just can't man, I fucking can't anymore with the Internet and people's need for everything to be spoon fed and assuming that everyone else has lost all information literacy.
a random example that has it: https://www.anker.com/products/a8365
you can connect your charger into the PD port, and the hub into your device to charge.
Why should I care?
- A USB charger-looking device could, in addition to charging, perform malicious actions which involve being another USB device. For example, it may pretend to be a keyboard and enter commands without your knowledge.
- Also from what I can tell here after a brief reading: Intel exposes JTAG functionality over USB ports (https://global.ptsecurity.com/analytics/where-theres-a-jtag-...) and I would think a malicious USB device could freeze the CPU by making the CPU enter probe mode, then dump its RAM through JTAG commands, getting encryption keys and other data if it wanted. As far as transmitting that data: low power Android devices with cellular capability will definitely fit in a charger-looking device. (Heck, there are SD cards with Wi-Fi capability in them.) Hope no one opens it up though.
But data cables in USB chargers also provide conveniences to ordinary people (which other comments mention). TANSTAAFL
what?
Coined by Heinlein in The Moon is a Harsh Mistress.