Originally Posted by
KRSW
Wow, lots of paranoia going on out here. While a USB attack is theoretically possible, and may be possible with ancient devices, but anything modern shouldn't be affected. I don't know about AppleLand, but over on the Android side of the fence, your phone will prompt you for permission if a USB device tries to connect. Android's not been susceptible to this type of attack since early 2013 (Android 4.2.2). Even if you did 1) unlock your phone AND 2) accidentally click Yes to grant permission, you still have to 3) manually enable Developer Mode *AND* 4) turn on USB Debugging **AND** then 5) grant SSH permission. That's 5 steps, and enabling Developer Mode is a multi-step process involving hidden menus, so your average user isn't going to be accidentally enabling that.
I have no doubt there are probably some zero day exploits that can enable all of that without user intervention (on both Android and iOS). Then again, it's been proven that you can simply hide a wifi adapter and malicious code i
n a USB cable. All of these exploits are pretty much saved and targeted at extremely important and/or dangerous people, not a random USB port in an economy seat in an airplane.
That all said... today, we worry about card skimmers at ATM machines and gas station pumps. Tomorrow, we'll probably have to worry about juice jacking.