"Juice Jacking" — Are USB ports on aircraft or even Amtrak safe?
#31
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,159
I'm not going to give any context to these photos, other than to state that the additional board you're seeing there is a Raspberry Pi W Zero, and no, it's not supposed to be there...
You really just don't know what might be behind that USB port you're plugging into...
You really just don't know what might be behind that USB port you're plugging into...
#32
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
This is the main reason I plug into my own charger.
#33
Join Date: Feb 2006
Location: Proud resident of flyover country.....
Programs: MS AMEX PLAT- Marriott Titanium-HH G- UA Silver-JPM RC . DL-AA-BA
Posts: 3,892
To be honest, never even considered the possibility. I just bring my own power sources not knowing what will be available.
#34
FlyerTalk Evangelist
Join Date: Jan 2000
Posts: 15,347
If you have sensitive information, you should not be using to charge your phone via USB. Regarding exploits, they happen all the time, I remember maybe 5 or 6 years ago traveling with someone well acquainted with "Fire sheep" and as we waited in the lounge for our flight he was able to access in real time probably half the people online in the lounge at the time......and that was just essentially a plug in.
Last edited by Moderator2; Dec 1, 2019 at 8:44 pm Reason: Edited by moderator for clarity and removal of off topic section
#35
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
If you have sensitive information, you should not be using to charge your phone via USB. Regarding exploits, they happen all the time, I remember maybe 5 or 6 years ago traveling with someone well acquainted with "Fire sheep" and as we waited in the lounge for our flight he was able to access in real time probably half the people online in the lounge at the time......and that was just essentially a plug in.
Fire Sheep was a Firefox extension about 10 years ago that let you sniff unencrypted wifi traffic and log in to other people's Facebook/Google accounts who were on the same network. It was patched long ago and is totally moot today because of the advent of everyone using TLS. Furthermore, it has absolutely nothing to do with what the thread is about: charging your phone on a public USB port.
Last edited by Moderator2; Dec 1, 2019 at 8:43 pm Reason: Edited by moderator to compensate for removal of previous poster's off topic section
#36
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Yes, but the point was that people downplayed the possibility of people exploiting a window to access the data that wasn’t encrypted and yet it was possible and done, including for some rather questionable purposes.
Worrying about juice-jacking a very recent model iPhone while your internet-connected TV has a built-in camera and/or microphone? The latter gets a warning from the FBI recommending to put black tape over the camera as TV operating systems on internet-connected devices are a vector of vulnerability and camera/mic-hijacking that way is possible. And guess where people tend to have a greater expectation of privacy? At home than on a bus/train/plane or other transport facility/center.
Worrying about juice-jacking a very recent model iPhone while your internet-connected TV has a built-in camera and/or microphone? The latter gets a warning from the FBI recommending to put black tape over the camera as TV operating systems on internet-connected devices are a vector of vulnerability and camera/mic-hijacking that way is possible. And guess where people tend to have a greater expectation of privacy? At home than on a bus/train/plane or other transport facility/center.
#37
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,622
m.photog Ouch... Seriously, go invest in one of these:
#38
FlyerTalk Evangelist
Join Date: Nov 2009
Location: Earth. Residency:HKG formerly:YYZ
Programs: CX, DL, Nexus/GE, APEC
Posts: 10,689
#39
Join Date: Jan 2015
Posts: 2,918
Just as a datapoint...
In Toronto, the transit authority (TTC) has recently started to introduc buses which have USB charging at select seats (towards the back). You just provide the cable. There were several people already plugged in when I boarded one day. I saw someone with an android phone plug into a socket and up came the familiar do you want to allow access to the phone dialog box and that user hit yes without hesitation.
I'm not sure how the buses are wired, but there were 12 sockets by my estimate (four on two standing poles, and eight mounted on seats.... assuming two sockets per outlet). Assuming I had the right equipment, all I would want would be to just access local file systems. With the right knowledge, (as has been mentioned), you just need to copy photos, maybe email files and the downloads folder.... and you could compromise the user...
Juice jacking is highly unlikely to happen (although that possibility is growing every day), but as others have mentioned, carry your own powerbanks (select Walmarts in Canada are starting to offer loaner powerbanks...haven't tried them, but it is an interesting idea). TV and movies have made some of us paranoid, but you never know what technological toys are being cooked up (or how careless people can become). I only use public USB ports (on planes and trains) for two things.... powering my USB fan and USB reading light.
In Toronto, the transit authority (TTC) has recently started to introduc buses which have USB charging at select seats (towards the back). You just provide the cable. There were several people already plugged in when I boarded one day. I saw someone with an android phone plug into a socket and up came the familiar do you want to allow access to the phone dialog box and that user hit yes without hesitation.
I'm not sure how the buses are wired, but there were 12 sockets by my estimate (four on two standing poles, and eight mounted on seats.... assuming two sockets per outlet). Assuming I had the right equipment, all I would want would be to just access local file systems. With the right knowledge, (as has been mentioned), you just need to copy photos, maybe email files and the downloads folder.... and you could compromise the user...
Juice jacking is highly unlikely to happen (although that possibility is growing every day), but as others have mentioned, carry your own powerbanks (select Walmarts in Canada are starting to offer loaner powerbanks...haven't tried them, but it is an interesting idea). TV and movies have made some of us paranoid, but you never know what technological toys are being cooked up (or how careless people can become). I only use public USB ports (on planes and trains) for two things.... powering my USB fan and USB reading light.