FlyerTalk Forums - View Single Post - Do you avoid public chargers?
Old Jun 30, 2025 | 3:44 pm
  #19  
crackjack
Originally Posted by good_eats
Would agree that the prevalence of this is likely very low, but I don't think anyone can credibly claim there hasn't been a "single attack" as we simply wouldn't know. That said, if you think about the different types of attacks in a relatively simplistic way, there are targeted attacks (e.g. looking to compromise a particular phone/individual) and widespread attacks (cast a wide net and hope to catch many). A USB compromise is not particularly good for either. It's difficult to target with this type of attack unless your target always uses the same public charge port that you might be able to compromise, but if someone has the ability to discover this and pull off the physical hack they probably have easier access to other tools to compromise a target. As a widespread attack, the number of people that will use a charge port is very low compared to other online attacks and again, there are more cost-effective ways of compromise here.

That being said, the "cost" of negating this attack is to simply use the charger you already have in your bag and plug into an outlet rather than using a USB port. Pretty small cost here as well.

Not that there hasn’t been a “single attack”, but it’s still the case that there hasn’t been a “single reported attack”:
https://slate.com/technology/2023/04...-debunked.html

But it’s still relevant to know: If it has been used in just 1 random USB port, sure, it may not be caught / reported. However, any attacker using it in a non-targeted attack would probably have put out more than one such compromised port, and every such port increases the risk of detection as more people fall under the potential of such an attack.

Where I could see this currently being used is in a targeted approach as you noted: my office, for example, installed those AC port + USB combo plug points on all desks. If you are targeting someone specific, all you’d need to do is figure out where they normally sit and mess with the USB port on the desk: eventually they’d get hit.

Or even replace their normal USB-C charger with a compromised one… Apple chargers seem like they’d be good candidates, given how they’ve not yet miniaturised with GaN like most chargers you now find on the market.

I think, in a worst-case scenario where your only option is to plug into a public USB port (or even use a USB charger at a hotel / restaurant / etc.), an easy way to defeat such attacks is to turn off the phone and then not unlock it while it is plugged in. The BFU (Before First Unlock) state of iPhone and Android is further hardened against such attacks as compared to a phone which has already been logged into.


Originally Posted by Xyzzy
This whole topic is a nothing-burger. It's clickbait from bloggers. Devices have moved on from the days of open permission for everything and autostart / autoplay for when a USB / CD / DVD is inserted. Heck - most machines don't even have a CD/DVD drive anymore.

Yes, but all it takes is one dev not paying attention to security to introduce a vulnerability into the equation. That Ars Technica article a few months ago was surprising: https://arstechnica.com/security/202......-for-years/

Last edited by crackjack; Jun 30, 2025 at 3:50 pm