[Community] Protecting USB data pins

Ryan de Laplante (personal) ryan at ryandelaplante.ca
Wed Aug 20 16:14:22 CEST 2014


On 20/08/14 03:24 AM, Dr. H. Nikolaus Schaller wrote:
> 
> Am 20.08.2014 um 08:38 schrieb Ryan de Laplante (personal):
> 
>> There is a product called LockedUSB (http://www.lockedusb.com) that
>> protects your devices from attack when using untrusted charger devices
>> while traveling. It disables the data pins in a way that still allows
>> for rapid charging.
>>
>> I think it would be neat if the Neo900 (or a future version of it) had
>> this type of functionality built in. It could be always on by default,
>> and temporarily toggled off with software when you need to use the data
>> lines.
> 
> Nice idea.
> 
> But my first thought: I always take along my own charger while travelling.
> And just in case, I could buy and use a LockedUSB if I really think I need it.
> If I am travelling I already have some adapters with me.
> 
> Next: since it is open hard&software, you can disable the OTG port drivers
> by not initializing the TPS65950 in u-boot and/or the kernel. Or add more
> protection to the software. Or add a driver that checks which data is coming
> in from a charger...
> 
> IMHO the main problem that is solved with the LockedUSB is with mobile
> devices where you have no control over the bugs of the USB stack and
> therefore have to expect that some untrusted charger can do harmful
> things to your device and data. And you have no chance to protect your
> device otherwise.
> 
> So why should additional hardware be integrated in every unit?
> 
> BR,
> Nikolaus

To answer your last question, one possibility is when people are pulled
over by the police and then have their cell phone taken without their
permission. The officer takes it back to his/her car, plugs it into
their computer and downloads everything they can using specialized
software. Maybe they even install spyware before giving it back. If the
data pins were always disabled (except when you tell it not to), you
could protect your right to privacy by demanding a lawyer & warrant.


Ryan





More information about the Community mailing list