Stop charging your phone in public
Only 33% of Android are reasonably up to date with their software, and without the necessary updates, you’re not getting security updates. With that in mind, find out what kind of harm USB can do to you.
Below is a rush transcript of this segment, it might contain errors.
Airing date: 03/13/2017
Why Public USB Charging is Destroying Computers
Craig Peterson: It’s time for another TechSanity check. Craig Peterson here. We’re gonna talk today about your USB device no matter what it is. Of course we had the CIA leaks, we had the NSA leaks of their tools. Did you know that there’s a whole lot more out there to be concerned about by hackers as well as some malicious people. That’s what we’re gonna talk about today. Stick around. Here we go.
Well we know the CIA and the NSA had been very busy coming up with all kinds of hacks. If you have an android device you are probably at more risk than almost anyone out there because most of the time, you’re gonna have a hard time getting updates. Only 33% of android are reasonably up to date with their software. And if you have a phone that’s no longer supported, guess what? You’re not getting security updates. So that’s just kinda your first warning here. But let’s talk about USB and USB devices.
There has been a number of different products out there that you can buy. For instance, there’s one called USB Killer and you can get it from the UK. It’s 50 Euros, so it’s a little bit more than that in dollars in the US. And what this device does is once you plug it in to a USB port, any USB port, and it comes with, if you get the Pro version, adapters for Apple’s lightning connector, for USB-C, and the good old USB. Now what it does is, once you’ve plugged it in, it pulls the power from the USB connector. Just like any USB device would do. And it saves and it stores it in the capacitor until it gets over 200 volts and then it does a little surge trick where it sends that power to whatever device is plugged in to. So most devices don’t have a particularly good check or defense for this type of an attack. And what this attack will do when that surge comes through is burn up your computer. And you can go to their website, I have a link to it here in my podcast and you can find out more right in the show notes. But what it does at that point depends on your device. So, an iPad Pro which is kinda confuses it a little bit, but it continues on its merry little way. But there are pictures of it being used with MacBooks and all kinds of different Windows laptops, television, anything with USB port on it. And it only takes this device just a second or so to charge up and then try and zap the devices plugged into and it will keep zapping until the device no longer works. How’s that for fun? How’s that for malicious, right? You’ve got a 2, 3, 4 thousand dollar laptop. You’ve got a $10,000 piece of equipment that you’re using for recording, editing, etc., that has a USB port on it and someone plugs one of these devices in it.
So rule number one, don’t plug a device into anything that you don’t know. In other words, if you don’t know that device, if you don’t know where it came from, if you don’t know its history, don’t plug it in. These USB Killer guys have a USB killer that looks just like a regular, cheap USB device. I have drives that look identical to this thing. So that’s a basic word of warning. Now the second thing is a lot of us are going out, right? And when we’re out, what do we do? We use our mobile devices. And when you see a USB port at the airport or elsewhere, you’re gonna automatically just plug your device in, get that quick charge before you hop on to a plane, right? You’re gonna charge it up when you’re at the local coffee shop. Why not, eh? Free power. Why not? Well, these types of devices are also being used to destroy equipment in these public USB spots. So they have a version that just has 2 wires. So they just hook it up inside. Easy enough to gain access to the most of these USB ports.
Now, they’re not always just trying to cause havoc here and cause you to spend thousands of dollars in replacing your equipment, your smartphone. It has a USB-C connector so you can use the newer, high-end phones as well, fry them. I don’t think they tried. In fact, I didn’t see a video of this. I don’t think they tried the latest MacBook Pro. Hopefully it’s pretty much immune to it. But USB-C is not something that’s guaranteed to be immune.
Now there’s another problem as well. And that has to do with hacking. There are a lot devices and software that goes along with those devices that when plugged into your computer, hacks your computer. So it plugs it in, there’s an autostart file, autorun file. Or maybe there’s something on that USB drive that you want to run and you go ahead and you run that file. And now your computer’s infected. There’s even versions, and we found this now from the NSA and the CIA’s leaks. There are even versions that it doesn’t matter whether or not your computer is set to autostart, autorun things that you put into them. it will infect your computer. It will be able to extract your data. So think about that. Twice really, before you go ahead and you plug your device into any public USB port. Or if you just find a USB drive lying around, don’t plug it in. Because there are malicious people out there. And people who are just plain dumb like you right?
So a couple of quick tips there. We’re gonna have to talk more, probably tomorrow, about what was in the CIA leak. It really looks like it’s legit. It really looks like it’s a very, very big deal. You know, you and I, we probably look at this and say yeah, of course the CIA is monitoring. Of course they’re trying to hack in. they’re trying to intelligence. They’re an intelligence agency. In years past, they would be recording people walking down the street in front of the embassy looking for cold drops, etcetera. Of course they’re hacking. Well, we’re gonna talk more about the types of hacks that they’ve had. What they’ve done. How they’re affecting, potentially here, our devices at home, at work and outside really as you’re walking around. It’s really, frankly, it’s kinda scary. Because there is a whole lot of malware that had been released. It’s in the hands of the bad guys. And we know Apple’s really fixed some of the bugs. And you know, Google’s probably gonna fix some of the android, and most certainly is. And some of us are gonna get those patches.
But ultimately, remember something. This is probably a snapshot of their tools from, it looks like, maybe 1st to 2nd quarter of 2016. So you can bet that they have found more holes in the software subsequent to that. So there’s more stuff that’s going on. There’s more things that are gonna be problems and you know, we’ll have to see what the ultimate answer is to try and resolve all of these software problems because people aren’t taking updates. I think they’re taking them a little bit more. I was talking last week with a couple of hosts of a morning drive show over on WGAN and carried across the state of Maine on a number of different stations. But, you know, they don’t really do their updates and they both have Mac laptops, the MacBook Pros. You’d think they would do them coz it is just so easy when it comes to the Apple equipment to be able to do the updates and they usually works. They don’t usually damage anything. Cause your machine to not boot anymore, etcetera. Etcetera. So it’s, you know, I don’t know.
Again something that’s interesting. Something that we will keep track of. And tomorrow, I promise, so if not tomorrow, maybe the day after. We will get more deeply into what the CIA leak means and what the NSA leaks meant. And you know, there’s a whole political side to this as well. Should this information be sent out if it was taken? Because it had to have been top secret or better, right? It had to have been information that was highly controlled. All of the software highly controlled. All of these tools highly controlled. It didn’t necessarily leaked in the US either. We were working with a number of different countries in developing these tools according to some of the documents that are in that leak.
Very interesting. Have a great day. We’ll do another TechSanity check tomorrow. And thanks for being with us. Bye-bye.