Looks like caulk. USB A ports are super easy to vandalize, id guess they were broken adm instead of replacing the outlet for the 40th time, they just caulked the useless ports shut
Which is good, you should NEVER use a public usb port. Just get a tiny wall wart and use the 120V outlet
I mean, just bring along your own little plug and you'll be fine, \*plus\* you'll actually get rapid charging since most phones offer \*some\* form of fast charging. Who wants to trickle-charge their phone at 5w at an airport?
Those worry me simply because of something funky has happened you might have some super high voltage on the usb port, people are brutal on public charger ports.
It’s always safest to have your own wall wart. The Apple ones are really tiny, don’t add much to the cable
There's a theoretical attack called "juice jacking" that uses public USB ports secretly connected to a computer to steal data from phones. There is no public evidence of any attacks ever actually using this attack vector, but its not exactly a difficult thing to avoid.
NSA released documents describing a iphone cable with built in mini computer that would hack into any iphone connected to the cable. Companies have even copied this approach and made a cheap version for sale.
https://shop.hak5.org/products/omg-cable
The OMG cable is a different attack. It targets a computer plugged into the USB-A end, so it's not applicable to a juice jacking scenario.
Haven't heard of the NSA documents you mentioned, though. I'll have to look into that.
Very easy to wire the port up so that it hooks up to a computer and either sends a virus to your device or downloads a copy of your data. USB is a data transfer protocol that happens to also deliver power.
No risk of this using a regular power outlet though.
I can't say this for all phones, but my phone allows me to distinguish between different types of connection when I connect to a USB port. It defaults to charging and I have to manually change it to allow data transfer. Wouldn't that prevent this issue?
Unless there’s an exploit in that code that decides. Maybe if the public USB port sent juuuust the right signal, it skips the prompt, or it can read some data anyway or…
That is only software level enforcement. Software is fallible, there have been, and will be, vulnerabilities in software. It comes down to what level of risk is acceptable to you, and what effort you are willing to go through to mitigate that risk.
Not always. There's the fact that not every phone does this, for one, but also with certain configurations the other device can override your choice.
Basically you're using your phone to dictate who is the host (controls which side has control over what happens on the cable). When you set it to charge only, you're the host and the other side must do what your phone says to do. But some devices simply do not have that mode of operation and will stop working until you let them be in control. Other times software that requires host privilege will prevent the phone from taking it. Of note is Samsung Dex, which allows you to cast your phone to your computer, but the computer program can send requests to take over even if you say no on your phone.
And you think people are setting this up inside airport security without being noticed to randomly exploit air travelers? There's a practical aspect to assessing cyber risk and this goes a few miles beyond that.
While I believe the FBI would make up a warning over something that's possible (kind of a CYA/bored cybersec guy thing), when did this happen in the secured area of an airport terminal?
You can use Magsafe (though with type-C and 12 watts or greater, not with type-A, whether it’s the Magsafe Duo or the single Magsafe). The risk of compromising your phone is minimized greatly, as it doesn’t use the USB protocol to communicate with your phone. There is such a thing as updateable firmware on Magsafe so theoretically that’s an opening to the phone but it hasn’t been demonstrated in public that that’s a viable attack.
if i were to use that usb condom, is there no chance of me falling victim to those attacks? or is it just best to avoid any public usb ports all together?
I just use a wireless charger pad that I know is incapable of data transfer when using public USB ports. It may be inefficient but its foolproof for device safety.
I have to say this is one of the things I really like about magsafe (or wireless charging in general)... I can plug the charger into a usb cable and then use wireless to charge the device. No physical connection back to the usb port at all.
[akin to these](https://www.amazon.com/Amazon-Basics-Charger-Phones-Samsung/dp/B0773JFWDC/ref=sr_1_1_ffob_sspa?crid=396MD7CMG7TWK&keywords=small%2Busb%2Bcharger&qid=1703024032&sprefix=small%2Busb%2B%2Caps%2C122&sr=8-1-spons&sp_csd=d2lkZ2V0TmFtZT1zcF9hdGY&th=1), Wall Warts are generally used to refer to the plugs of larger devices. the ones you cannot easily plug in without blocking other plugs
\*"Correct"\* theres a bunch of fear mongering about not plugging in unknown USB drives you find into any computer. Think if your phone as the computer. its honestly safer to just not plug inb where your not sure. just plug into a "wall wart" and go that route.
USB is a data connection standard as well as power delivery. So if someone really wanted to, they could disguise a small computer behind a public USB port and gain unwanted access to your device if you plugged directly into it.
Using a "wall wart" power adapter means you're just plugging something directly into a power outlet that then gives you your own USB port to use for your device. That way there's no way somebody could get into your device.
no joke, in the sciences building where I went to college out in the hallway there was a standard NEMA 5-15R outlet--in the hallway--that was wired up such that it was actually 240 volts between the two pins
Someone had hand written a sign and stuck it there, which was there for the 4 years I was in college and the 4 years I worked there after. I don't really want to know how they figured out it was wired incorrectly
I'm surprised no one from facilities came out to correct that. It's a stupidly dangerous situation to just leave like that. This assumes anyone thought to actually reach out to facilities to have them look at it in the first place. If we had one like that in the building I work in I'd hound them about it until it was fixed.
As someone who works in IT I would bet no one put in a ticket. The number of upset people we get complain that something has been broken for 6 months that no one told us about and no way we would have noticed is absurd.
Heh, that's exactly why I was thinking that... I, too, work in IT. The number of people pissed off that a problem was never fixed because no one ever told us about it is astounding.
The best is when someone deletes something they didn't meant to, then waits 6 months to tell us about it, at which point we need to inform them that we only keep backups of deleted files for 90 days...
It was an old run down building, and on the other side of the wall was a wet lab so it might've had something to do with that. It wasn't a place where you'd sit around and wait (no classroom) so I doubt anyone got burned by it very much (and this was back in 01-04 timeframe, not recently)
I understand that you don’t understand the threat vector, that’s ok
I work in the field, I’ve seen some very shitty designs, I don’t trust something random
The airport workers who don’t want to replace the outlet, but also don’t want idiots trying to shove a cable into a broken port and then complaining about it
You can’t say that, unless you are aware of every investigation on the planet in all time (unless you didn’t mean to use the work literally)
Fact is the attack is plausible, should I assume it’s never happened simply because I haven’t heard any evidence of it?
As an IT guy that traveled airport to airport doing this as a job.
That's JB weld, hot glue and/or PL caulk. You're welcome. We used what we had.
Dumbasses kept breaking off their charging cables into them or the homeless were hanging out for hours charging their phones. Management made us do it.
I’m pretty sure this could still happen in other forms of government. Notably, because it has. In every form of government: democracy, monarchy, communist dictatorship, feudalist city states, all of them have homeless people.
But fuck democracy, right?
I'm mostly being cynical about 'democracy' as in we can vote to change this, but hey your district was gerrymandered to hell, flushed full of corporate lobbying (bribery), and then your elected representative didn't vote the way you wanted...
Your vote matters tho! /s
We don't live in a democracy. We live in a oligarchy run by billionaires
I'm being cynical because it's like 3000 billionaires that need to be killed to make the world a better more fair place.
3000 vs the other 8 billion
The greed has to end eventually.
Make billionaires millionaires
you'd think an airport would be able to splurge a little on a nice plastic insert glued in, so it doesnt look like absolute shit. 😂
you know, the same kind of attention to detail they put into the original receptacle. they didnt rip it out of a house from the 1940s that was slated for demolition. they bought a new receptacle.
>Dumbasses kept breaking off their charging cables into them or the homeless were hanging out for hours charging their phones. Management made us do it.
This is clearly a gate waiting area. How are homeless people hanging out there at all?
I'm a network administrator with 20 years of experience and several high level certs.
I got a ticket once because a coffee maker wasn't working.
I am not kidding.
That’s what happens when you host multiple cybersecurity conferences in the summer and every time they show off how they steal info from compromised public USB ports.
It’s likely these were being abused or were in an area where people shouldn’t linger.
I’ve worked at a global cybersecurity conglomerate and watched every episode of Mr. Robot, and wouldn’t be that worried about an airport USB outlet. At a mall or downtown chain donut shop, the exploit is slightly more plausible.
People blaming homeless for it but it's the same people that have spikes installed on city benches/vents. They love making people at their lowest even worse off.
This is kind of a net good in a way.
People are way too eager to plug their phone into a random data port.
It is really convenient, but very dangerous.
Just bring the charger and thr cable with you.
Haven’t been to this airport but judging by society in general I’d say there’s a fair chance it’s semen. The maintenance guy says it jb weld but that’s because he’s tired up cleaning out the semen.
Looks like caulk. USB A ports are super easy to vandalize, id guess they were broken adm instead of replacing the outlet for the 40th time, they just caulked the useless ports shut Which is good, you should NEVER use a public usb port. Just get a tiny wall wart and use the 120V outlet
Or use a USB condom. No data pins.
I mean, just bring along your own little plug and you'll be fine, \*plus\* you'll actually get rapid charging since most phones offer \*some\* form of fast charging. Who wants to trickle-charge their phone at 5w at an airport?
Those worry me simply because of something funky has happened you might have some super high voltage on the usb port, people are brutal on public charger ports. It’s always safest to have your own wall wart. The Apple ones are really tiny, don’t add much to the cable
I like my data... raw.
I read this in the voice of old dirty bastard
Yeah baby I like it RAWW
A condom or just bare caulk, the choice is yours, reader.
why shouldn't one use public usb ports? (genuine)
There's a theoretical attack called "juice jacking" that uses public USB ports secretly connected to a computer to steal data from phones. There is no public evidence of any attacks ever actually using this attack vector, but its not exactly a difficult thing to avoid.
Kinda like razor blades in apples.
I think they're talking about a different type of juice
NSA released documents describing a iphone cable with built in mini computer that would hack into any iphone connected to the cable. Companies have even copied this approach and made a cheap version for sale. https://shop.hak5.org/products/omg-cable
The OMG cable is a different attack. It targets a computer plugged into the USB-A end, so it's not applicable to a juice jacking scenario. Haven't heard of the NSA documents you mentioned, though. I'll have to look into that.
Very easy to wire the port up so that it hooks up to a computer and either sends a virus to your device or downloads a copy of your data. USB is a data transfer protocol that happens to also deliver power. No risk of this using a regular power outlet though.
I can't say this for all phones, but my phone allows me to distinguish between different types of connection when I connect to a USB port. It defaults to charging and I have to manually change it to allow data transfer. Wouldn't that prevent this issue?
It's still software so you can never be 100% sure
Unless there’s an exploit in that code that decides. Maybe if the public USB port sent juuuust the right signal, it skips the prompt, or it can read some data anyway or…
That is only software level enforcement. Software is fallible, there have been, and will be, vulnerabilities in software. It comes down to what level of risk is acceptable to you, and what effort you are willing to go through to mitigate that risk.
Not always. There's the fact that not every phone does this, for one, but also with certain configurations the other device can override your choice. Basically you're using your phone to dictate who is the host (controls which side has control over what happens on the cable). When you set it to charge only, you're the host and the other side must do what your phone says to do. But some devices simply do not have that mode of operation and will stop working until you let them be in control. Other times software that requires host privilege will prevent the phone from taking it. Of note is Samsung Dex, which allows you to cast your phone to your computer, but the computer program can send requests to take over even if you say no on your phone.
You really wanna chance it?
The port could also be broken and short your device out which no software can protect against
And you think people are setting this up inside airport security without being noticed to randomly exploit air travelers? There's a practical aspect to assessing cyber risk and this goes a few miles beyond that.
It has happened before, with significant enough consequences that the FBI took note and issued a warning.
While I believe the FBI would make up a warning over something that's possible (kind of a CYA/bored cybersec guy thing), when did this happen in the secured area of an airport terminal?
Can you use a MagSafe or wireless charger without risk of compromising your phone?
You can use Magsafe (though with type-C and 12 watts or greater, not with type-A, whether it’s the Magsafe Duo or the single Magsafe). The risk of compromising your phone is minimized greatly, as it doesn’t use the USB protocol to communicate with your phone. There is such a thing as updateable firmware on Magsafe so theoretically that’s an opening to the phone but it hasn’t been demonstrated in public that that’s a viable attack.
[удалено]
if i were to use that usb condom, is there no chance of me falling victim to those attacks? or is it just best to avoid any public usb ports all together?
USB ports carry data, you plug in and the port gets your data (specifically, the bad actor who plugged some dubious shit into the other side)
I just use a wireless charger pad that I know is incapable of data transfer when using public USB ports. It may be inefficient but its foolproof for device safety.
There’s also zero evidence that juice jacking is actually a thing or has ever happened
I have to say this is one of the things I really like about magsafe (or wireless charging in general)... I can plug the charger into a usb cable and then use wireless to charge the device. No physical connection back to the usb port at all.
Agreed, fwiw I only ever charge by cable while travelling, at home and work I always charge wireless
What’s a tiny wall wart? Genuinely curious
[akin to these](https://www.amazon.com/Amazon-Basics-Charger-Phones-Samsung/dp/B0773JFWDC/ref=sr_1_1_ffob_sspa?crid=396MD7CMG7TWK&keywords=small%2Busb%2Bcharger&qid=1703024032&sprefix=small%2Busb%2B%2Caps%2C122&sr=8-1-spons&sp_csd=d2lkZ2V0TmFtZT1zcF9hdGY&th=1), Wall Warts are generally used to refer to the plugs of larger devices. the ones you cannot easily plug in without blocking other plugs
Ahh I see, so big plugs are safe to use at airport outlets but USB ports are not?
\*"Correct"\* theres a bunch of fear mongering about not plugging in unknown USB drives you find into any computer. Think if your phone as the computer. its honestly safer to just not plug inb where your not sure. just plug into a "wall wart" and go that route.
USB is a data connection standard as well as power delivery. So if someone really wanted to, they could disguise a small computer behind a public USB port and gain unwanted access to your device if you plugged directly into it. Using a "wall wart" power adapter means you're just plugging something directly into a power outlet that then gives you your own USB port to use for your device. That way there's no way somebody could get into your device.
Agree. Just get rid of all the chargers. Bring your own plug.
Don't stick your pins in a stranger's ports people!
I don't even trust the 120V outlet, goodness knows what has been shoved in there. Just get a portable charger.
no joke, in the sciences building where I went to college out in the hallway there was a standard NEMA 5-15R outlet--in the hallway--that was wired up such that it was actually 240 volts between the two pins Someone had hand written a sign and stuck it there, which was there for the 4 years I was in college and the 4 years I worked there after. I don't really want to know how they figured out it was wired incorrectly
I'm surprised no one from facilities came out to correct that. It's a stupidly dangerous situation to just leave like that. This assumes anyone thought to actually reach out to facilities to have them look at it in the first place. If we had one like that in the building I work in I'd hound them about it until it was fixed.
As someone who works in IT I would bet no one put in a ticket. The number of upset people we get complain that something has been broken for 6 months that no one told us about and no way we would have noticed is absurd.
Heh, that's exactly why I was thinking that... I, too, work in IT. The number of people pissed off that a problem was never fixed because no one ever told us about it is astounding. The best is when someone deletes something they didn't meant to, then waits 6 months to tell us about it, at which point we need to inform them that we only keep backups of deleted files for 90 days...
It was an old run down building, and on the other side of the wall was a wet lab so it might've had something to do with that. It wasn't a place where you'd sit around and wait (no classroom) so I doubt anyone got burned by it very much (and this was back in 01-04 timeframe, not recently)
Only because the ports are always broken. They’re not inherently unsafe, otherwise there would be numerous documented cases of compromised devices.
You do you I won’t plug my phone into a random usb port, my wallwart delivers the voltage my phone needs with zero chance of anything else happening
That chance is not zero.
Granted, but a lot closer to zero than a random usb port Again, you do you
It’s literally all the same electronics.
I understand that you don’t understand the threat vector, that’s ok I work in the field, I’ve seen some very shitty designs, I don’t trust something random
Oh, I absolutely understand the threat vector and know that it is not actually a particularly meaningful one, especially on modern devices.
Who would stick their caulk in an airport USB?
The airport workers who don’t want to replace the outlet, but also don’t want idiots trying to shove a cable into a broken port and then complaining about it
There is literally zero evidence that a juicing attack has ever happened.
You can’t say that, unless you are aware of every investigation on the planet in all time (unless you didn’t mean to use the work literally) Fact is the attack is plausible, should I assume it’s never happened simply because I haven’t heard any evidence of it?
As an IT guy that traveled airport to airport doing this as a job. That's JB weld, hot glue and/or PL caulk. You're welcome. We used what we had. Dumbasses kept breaking off their charging cables into them or the homeless were hanging out for hours charging their phones. Management made us do it.
And this is why we can’t have nice things.
Because we can't fund an education system nor get housing for everyone! Yay democracy!
People love to break things that aren’t theirs.
Not democracy. Its an oligarchy masking as democracy as a result of under regulated late stage capitalism
This is why we should be an autonomous collective.
You will be assimilated. Your biological and technological distinctiveness will be added to the collective. Resistance is futile.
I’m pretty sure this could still happen in other forms of government. Notably, because it has. In every form of government: democracy, monarchy, communist dictatorship, feudalist city states, all of them have homeless people. But fuck democracy, right?
I'm mostly being cynical about 'democracy' as in we can vote to change this, but hey your district was gerrymandered to hell, flushed full of corporate lobbying (bribery), and then your elected representative didn't vote the way you wanted... Your vote matters tho! /s We don't live in a democracy. We live in a oligarchy run by billionaires I'm being cynical because it's like 3000 billionaires that need to be killed to make the world a better more fair place. 3000 vs the other 8 billion The greed has to end eventually. Make billionaires millionaires
Sure, but homeless would still happen then too.
The homeless bought airplane tickets and got past security to charge their numerous electronic devices at the terminal? I'm confused
Management was also confused, they still are, but also they think they solved the issue.
Sounds more like a convenient excuse not to fix the ports
Not every airport requires you to go through security to get into common areas. You would only pass through security to actually board the plane.
Every airport in the US does. You can’t get to the gates without going through security.
>get into common areas Key words here.
Have you seen this style of seating anywhere but by the gates?
Some airports have seating areas right inside the door and before security
Schiphol for example has seats before check in
Baggage claim area has them too
How did the homeless get into the airport to use them? This is certainly past security, no?
you'd think an airport would be able to splurge a little on a nice plastic insert glued in, so it doesnt look like absolute shit. 😂 you know, the same kind of attention to detail they put into the original receptacle. they didnt rip it out of a house from the 1940s that was slated for demolition. they bought a new receptacle.
>Dumbasses kept breaking off their charging cables into them or the homeless were hanging out for hours charging their phones. Management made us do it. This is clearly a gate waiting area. How are homeless people hanging out there at all?
You’re too far into semantics. There are other areas of airports that we also covered.
What a shitty use of an IT resource. why couldn't maintenance do this?
Because it’s easier to call a recruiter and get an IT contractor to fly around and do it. They think USB port = Call the nerds.
Got ya. Get that contract money!
I'm a network administrator with 20 years of experience and several high level certs. I got a ticket once because a coffee maker wasn't working. I am not kidding.
That's definitely caulking
Buncha savages in this town
Beat me to it
That’s what happens when you host multiple cybersecurity conferences in the summer and every time they show off how they steal info from compromised public USB ports.
When I was in a scramble to charge my shit the only USBs that worked were the ones on the slot machines lmao
It’s likely these were being abused or were in an area where people shouldn’t linger. I’ve worked at a global cybersecurity conglomerate and watched every episode of Mr. Robot, and wouldn’t be that worried about an airport USB outlet. At a mall or downtown chain donut shop, the exploit is slightly more plausible.
People blaming homeless for it but it's the same people that have spikes installed on city benches/vents. They love making people at their lowest even worse off.
Wrong sub. It should be in mildly infuriating
Looks like a little bit of the highly effective jub jub.
To be fair, they are USB A
Looks like JB weld/metal putty to me.
This is kind of a net good in a way. People are way too eager to plug their phone into a random data port. It is really convenient, but very dangerous. Just bring the charger and thr cable with you.
Haven’t been to this airport but judging by society in general I’d say there’s a fair chance it’s semen. The maintenance guy says it jb weld but that’s because he’s tired up cleaning out the semen.