docbert

I'm not going to give any context to these photos, other than to state that the additional board you're seeing there is a Raspberry Pi W Zero, and no, it's not supposed to be there...









You really just don't know what might be behind that USB port you're plugging into...

gfunkdave

This is the main reason I plug into my own charger.

m.photog

To be honest, never even considered the possibility. I just bring my own power sources not knowing what will be available.

hfly

If you have sensitive information, you should not be using to charge your phone via USB. Regarding exploits, they happen all the time, I remember maybe 5 or 6 years ago traveling with someone well acquainted with "Fire sheep" and as we waited in the lounge for our flight he was able to access in real time probably half the people online in the lounge at the time......and that was just essentially a plug in.

gfunkdave

Fire Sheep was a Firefox extension about 10 years ago that let you sniff unencrypted wifi traffic and log in to other people's Facebook/Google accounts who were on the same network. It was patched long ago and is totally moot today because of the advent of everyone using TLS. Furthermore, it has absolutely nothing to do with what the thread is about: charging your phone on a public USB port.

GUWonder

Yes, but the point was that people downplayed the possibility of people exploiting a window to access the data that wasn’t encrypted and yet it was possible and done, including for some rather questionable purposes.

Worrying about juice-jacking a very recent model iPhone while your internet-connected TV has a built-in camera and/or microphone? The latter gets a warning from the FBI recommending to put black tape over the camera as TV operating systems on internet-connected devices are a vector of vulnerability and camera/mic-hijacking that way is possible. And guess where people tend to have a greater expectation of privacy? At home than on a bus/train/plane or other transport facility/center.

KRSW

Definitely a suspect place for a Pi0W to show up. BUT as I see it there, it appears to be set up for WiFi sniffing, not USB hacking. Agreed it's probably up to no good. Only one USB port of it is connected and it's the power port. Here's mine running this past week at the hotel I was staying at. Sadly, nothing unusual found and it seems pretty upset about that.





m.photog Ouch... Seriously, go invest in one of these:

tentseller

I had these before the hotels put in USB outlets. As a force of habit I kept using them, also due to my mistrust of usb outlets.
I use these on airplanes as well or a usb battery pack for in-flight power.

StuckInYYZ

Just as a datapoint...

In Toronto, the transit authority (TTC) has recently started to introduc buses which have USB charging at select seats (towards the back). You just provide the cable. There were several people already plugged in when I boarded one day. I saw someone with an android phone plug into a socket and up came the familiar do you want to allow access to the phone dialog box and that user hit yes without hesitation.

I'm not sure how the buses are wired, but there were 12 sockets by my estimate (four on two standing poles, and eight mounted on seats.... assuming two sockets per outlet). Assuming I had the right equipment, all I would want would be to just access local file systems. With the right knowledge, (as has been mentioned), you just need to copy photos, maybe email files and the downloads folder.... and you could compromise the user...

Juice jacking is highly unlikely to happen (although that possibility is growing every day), but as others have mentioned, carry your own powerbanks (select Walmarts in Canada are starting to offer loaner powerbanks...haven't tried them, but it is an interesting idea). TV and movies have made some of us paranoid, but you never know what technological toys are being cooked up (or how careless people can become). I only use public USB ports (on planes and trains) for two things.... powering my USB fan and USB reading light.