I always bring a 20Ah powerbank with me and charge them at public USB (and maybe charge the phone via PB at the same time). So there's no way to hack a phone that way. But mostly I don't use them at all becouse they're usually very slow and inconvinient (if they're work at all)
Yeah here in metro / trams there are USB power sockets but there's always a risk of hacking when usb has data wires too and also on each station it gets turn off and gets turn on after metro starts so frequent charging and discharging
most likely if we saw an attack like this in the wild, it would target specific popular older devices that aren't patched. it's not all *that* difficult to look up old CVEs and write software to take advantage of them; the CVE itself usually explains exactly how the attack would work. the big problem is the range of devices and how different they all are. so it's very possible that this method could be used as a vector for attacking older or unpatched iphones or samsung devices, as these are both fairly popular targets and there are plenty of people running them on old firmware versions. the biggest challenge would probably be not getting caught screwing with public chargers, but this isn't an insurmountable challenge either.
Most public chargers are only used in a pinch anyway. Many people prefer power banks because public charging outlets are usually on the old standard where it's limited to 1.4a per usb connection and, if multiple people are using the charging outlets, you can be throttled to even less power because it has a power supply that can supply power that's less than the possible full demand of all the connections.
@@ianbelletti6241 Yah, if I know I might be somewhere long enough for charging to be an issue, I'll bring my own charger that I can plug into any old outlet. ...And/or charge my phone in my car on the way there.
More concerned about the port frying my devices, this could be someone simply acting out of malice, or even just a faulty port (are hotels really going to go for the most expensive ports with lots of protection?).
USB has fuses on both ends. USB killers are specially designed repeated high voltage burst attacks and wouldn't occur from a faulty charger. The only thing hackers would achieve is a loss of reputation of whatever business had the charging port, I'd be much more worried about your phone getting stolen or something.
you could also use a usb data blocker which physically has no connections to the data pins, or you could make a cable serving the same function by cutting through the data wires
One of the things my GF always tells me on the bus is that they're not power-surge-protected, and that a ton of people have experienced battery issues after charging their phone on the bus. That's the main issue that I have, and it's often overlooked. I never hear this point being brought up in any of these kinds of videos.
"Someone with one very specific model of phone would have to plug into their charging station." Which is incredibly easy to anticipate if it's an iPhone.
The problem with that theory is that everything is "potentially" dangerous. Risk assessment should be done, but sometimes you just to roll the dice and less dangerous things
@@firesliver7 My approach doesn't preclude doing risky things, it just promotes taking reasonable steps to mitigate the risk. Helmets for bicycles, a weapon for home defence, excess supplies when camping, a USB protector when plugging into public ports, that sort of thing.
And the manufacturers have already taken the precautions. That's why phones don't allow data transmission over USB without explicit permission from the user. Despite this blowing up in the media recently, there has still never been even a single case of this exploit in the wild. What's really telling about this, is that you have law enforcement agencies warning people that their phones will be hacked if they plug into a public charger for even a moment, while at the same time lamenting that they can't break into phones in their labs with dedicated equipment and weeks or months of time when searching for evidence. Those two statements are completely contradictory!
If you're really worried about this... I insist that USB data isolators (or whatever you call them), power banks and all connectors should be in transparent cases. Otherwise, we cannot know for sure what is inside them.
*I bought a USB 2xA and 1C it says 65W and yeah the phone charges pretty fast on the USB A but the USB C is charging my camera really slowly, slower than when the camera is plugged into the laptop*
Power banks ftw, honestly. Its a thing for many years now. Cheap too. 20 bucks for 10 changes of a modern expensive phone. If that ain't cheap, i dunno what is. Spend 40-50 bucks, and its even better.
Thanks for the explanation! The easiest way to not get "juice jacked", is to use power banks or to use a "power only-USB-cable", the added benefit, they are most times cheaper than normal ones (to check if your USB cable is "power only" try plugging your phone with the cable into a trusted device that can read/write data (PC for example), if it can't be "connected" due to the cable, you could be more certain that its a "power-only-USB-cable"). (A power-only-USB-cable is a cable that has only the power wiring of the USB-port, when there are no physical data connection wires.)
No, the easiest way not to get "juice jacked", is exactly as they show in this video, to use public USB chargers as normal, and simply not go through the hoops of enabling USB data on your phone. As he says in the video, no attack has ever been seen in the wild, because it's completely impractical, and because phones are hardened against exactly this type of attack.
Another option you can use if you're paranoid is to get a "USB condom", a special adaptor that plugs onto your phone's syncing cable that blocks data signals but allows power to pass through. You can also buy charging only cables for lightning and USB-C you can use over the regulator sync cable for your phone.
Years ago, while going through a contentious divorce, my phone was imaged by a data forensics service as part of discovery. It was a then new Pixel model and proved a bit tricky to do because it had a habit of rebooting in response to the attempts
Technically possible yes, but someone would have to be either very stupid or desperate to waste such a good exploit on this. Also considering the many variants of fast charging out there, taking your own cable + brick seems like the best solution
I'll give you a tip to avoid data transfer. Buy a long (8t or more) very cheap cable, like dollar store cheap. Those are physically incapable of data transfer, you can test it by trying to connect it to your pc, nothing happens.
not to mention your sponsor directly, but they sparked the idea; Can you do a short circuit on the eco systems for RGB/fans like corsairs ICUE? there's a lot out there and some have interoperability with others/ without. I feel LMG would be able to explain it well for the average person that wants to: A: spend extra to make their PC look ballin/sound silent. B: not spend extra, extra to have multiple controllers to control each ECO system. C: know the actual performance hit for the software involved. I know C has been done several years ago on this channel to some degree. However with labs needing to earn its pay(lol), and many of the software suites involved having matured(in theory). current performance metrics deserve a recap. As I recall, some were super bad, but may be more/less impacted by modern/older hardware. It could easily be a video series redone every couple years. "visual PC systems" or some such. Its a very seldom covered topic I believe you all could do well; thanks in advance. PS. I have a friend who spent less than 700$ on core system components, but bought all Noctua shiz for sound.. There's a lot of people who spend the money for "nice to haves" instead of maxing out raw power... that's why i buy mac laptops. Don't make fun of me. but here's some anecdotes for why this video idea matters. PPS. I spent more time editing this comment than writing it.
With most modern processors now having so much more performance compared to their previous gen (especially on desktop) i think it shouldn't be that hard to keep this app in the background. I mean there's a lot of people who just kept the browser open and then went to play a game and that is still fine too. As for nice to haves, well they are nice to haves, if they like RGB they can decorate their PCs with RGB, If they want super silent fans then they can do that too. Same as people putting spoilers, body kits on their cars even though it won't give any performance in normal day to day use. Mac laptops (pre M series era) are not that great at maxing out raw power, yes their OS are much more optimized than windows, but they also made a laptop with no cooling (macbook air 2020). Which will made it throttle instantly the second you give something heavy for it.
This is technically possible. But, remember that most of the times USB chargers are under eyesight from security, being it the owner of the place or security cameras. If someone would try to hack them they would be probably be spotted soon enough.
@@SF2K01 The newer ones with intelligence built-in are a worry. Especially if it has a Ras-Pi in it. For travel, use the old-school type that just has a battery and basic circuitry. That's actually the only type I have. If I need volt/amp readings, I use a multimeter, which can be used for many other things.
I would be a lot more concerned about fake charging stations designed to kill your phone. We've already seen devices that look like a USB flash drive that are just a bunch of capacitors that build up then discharge all at once to kill your computer or at the very least your USB bus.
I have a charge cable and the data lines are not connected. Two resistors on on end to D- and D+ to ask for 500mA. Other end disconnected. No data transfer possible. Phone charges slowly.
Wouldn’t it be easy to mod a cord so only the charge pins are active eliminating virtually all chance of juice jacking? If so Linus and crew ought to post a list of such available cords or an instructional on how-to modify a regular cord…
Use a power-only USB cable, or just tape the middle two pins of the USB type A connector with electrical tape. Pins 1 and 4 are power, 2 and 3 are data.
good thing one of my usb-c cables is broken for data transfer but still charges. good to see one of my broken tech still serves a purpose. is there a way to mess with ur cable intentionally?
Reading through the comments on this video, it appears that almost nobody actually watched it! You spend the whole video explaining why people shouldn't worry about this. And yet all the comments are people worrying about this. You're the first person I've seen to actually expose this whole ridiculous thing, most people are so paranoid about this, despite phones not actually allowing it.
But my Samsung phone always asks me when I plug the cable to my pc if I want to transfer data or charge only so how would the steal my data when I select charge only
Juice jacking is not limited to hacking. Most phones, when connected to a PC will work as an external storage device. Some of those charging stations could simply be making a copy of that data which may contain personal information and photos. Not every ‘hack’ needs to be sophisticated. Sometimes the easiest ‘hack’ is the most effective.
If you plug in a cable that does only support charging (like the apple mac usb c or usb c to magsafe cable) you can charge without hesitation. Is it so?
Or you just use data blockers (they are around 1-2 dollars) and just connect the charging lines physically. The communication is handled from a chip in the adapter, not your phone directly, and you are absolutely safe.
I feel like a simple solution for this could be an adapter that simply doesn't make data connections between the cable and the phone. Since it would just be a few electrical connections it would be pretty easy & cheap.
I hope this does not happen with wireless chargers since it uses nfc and nfc can be used to send and receive data, I don't use wireless charging because it's too slow and makes the phone hot. There are already wireless charging stations and hackers might end up embedding a chip on the wireless charing stations to hack people with air drop capabilities to have access to peoples phone with using nfc to send and receive data. It's something to consider since convenience is used for most things nowadays.
Define 'off' ;) On most electronic devices these days there's no physical on/off switch. There's perhaps a button that turns the device on/off but that's just done in software. This means the device is always 'on', pushing the button just tells the device to power up all the way or go back to a sleep/standby state. For debugging purposes as well as accommodating repairs, most phones can still be (partially) accessed over USB even when turned 'off'. Now if you remove the battery from your phone then yes, that's pretty much as off as it can ever be. Most people however can't or won't remove their battery ;)
I just charge my phone at night so I don't need to recharge it during the day. The only time that doesn't work is when I'm on vacation and go through more battery life, and at that point I just head back to my hotel room and recharge it.
What if you only use a lead with the positive & negative connections without the data pins connected, that would save carrying a powerbank, wouldn't it?
This "Juice Jacking" thing is why I always have a powerbank on me. I can charge the powerbank from the public USB port and thanks to it being a powerbank; it's too dumb to get compromised. Meaning that I can safely use that powerbank to charge my phone or other portable device should the need arise
Why not just power down the phone before plugging it in? And leaving it off until it's finished charging. It'll charge faster and I don't believe any data can be exchanged while it's off.
Never use public USB ports. Someone can steal information with that, and you’d never know. Just get any power bank to bring with you when you’re on the go, Anker most likely still has a good 20,000 mAh one for 60 CAD or so.
Why not just hack a usb cable cut the data lines 🤔 Unless of cause 5v is not powerful enough. But what if you just turned off the device before charging? or is there access afterwards?
cant we have a substandard of USB that is ONLY power delivery and not have the data wires? this seems reasonable for older school USB, not sure about C
The whole reason USB can charge devices faster these days is because it can communicate between the charger and device what charge standard should be used. Removing that you'd then be stuck with old-school slow charging... The other issue here is: you'd have to either have two ports on your phone: USB C for charging/data and USB C for only charging, no company will want to sell a phone with multiple identical connectors. The alternative is some other port for charging, meaning we go back to the mid-2000s where you'd be carrying multiple chargers for each type of device... If the security is built into the public charger; how do you know it is safe? If they put up a sign 'this charger is safe', does that mean anything? Nope. In security, you cannot blindly trust a public charger to be safe, it might still have a data connection. This is why you'd have to have 2 ports on your phone.....
@@someguy4915 you're missing the point though. of course you wont be able to use data so that the device can communicate with the power source to get super speeds. its a public port. surely there's some sacrifice. and since most public ports are USB A anyway, we wouldnt be losing much in the way of having to have a USB A to C or A to micro cable. No need to have two ports on a phone, no need for multiple chargers. EDIT: maybe you thought I meant that the phone itself would have a PD only port. No, I meant that the wall plug could be a PD only female USB A.
@@abudhabikid No that's exactly my point. If you do not trust a public charger, why would you trust one that is supposed to be data only? Should the current ones already be data only anyway? :P If you're using the same port on your phone, that port that also allows data (or at least CAN allow data), you're 100% trusting the public charger to not try anything like hack your phone. There's no difference between current day public chargers (promise to charge your phone) and your idea (chargers promise to follow a standard that promises to only charge your phone), both are fully based on the same trust that the public charger is safe. The only way to make your idea work is to have the security built into your phone, so as I said one USB C port is the same as currently on phones and another port is next to it that does not have pins to allow data. That way you're trusting your phone to not be malicious, which you already trust with your data anyway so it better not be malicious. What the public charger does at that point doesn't matter as the security is in your phone, not the public (untrusted) charger. To draw a (rough) comparison; your idea is similar to saying: strangers might be untrustworthy so lets have a law saying that strangers aren't allowed to steal your wallet. Pickpockets are still going to break that law(or standard) :P The next point then naturally is: having two ports on your phone makes little sense. The solution to this already exists in charge-only cables. As long as it is your own cable you know it hasn't been tampered and so should be safe, rather than trusting the public charger (or strangers in my comparison).
@@someguy4915 fair, however: if we had this as a public charging standard, normies would plug their shit in either the same amount or less (because they might be made aware of security implications in a more frequent sense). similarly, those in the know would either continue using their own bricks or MAYBE inspect the public port to ensure that its only the two charging pins. so no, i think it would only help. maybe marginally.
You could carry a USB charge cube and USB cable. I am more worried about unfiltered power spikes on USB ports then "Juice Jacking." I really hate the term "Juice Jacking." It sounds like a team of 12 years came up with it.
I was having trouble with my battery lasting all day so I bought a battery case. It only makes the phone a little bit bigger than a standard case. My device will now last all day of listening to music and watching videos.
Because such a standard doesn't exist on USB as it would break compatibility. Also because WEP and WPA were broken decades ago, WPA-2 has been deemed unsafe for several years now and WPA-3 is only slowly becoming more common. So even Wifi security is somewhat questionable. If they'd implement this we'd be going back to each phone manufacturer having their own 'crappy' app on PC/Mac and hopefully Linux to access your phone...
Considering today’s data handling capabilities especially with countries like China (Hong Kong is a major travel hub), “paranoia” isn’t something you should attach to the data-safety of individuals. Since most public charging stations are run by big companies who see their shareholders as their true clients and thus will cut corners with anything to save some money, it would be pretty easy to ‘accidentally’ break a charging station and get the cheapest labourers they hire to install a harmless looking small box ‘to prevent further problems’. Also, it’s pretty fu€king unprofessional to call people paranoid. Hope you reflect on that.
we bring a Charging Brick in my wife's purse/ my backpack (it's and either/or situation, we only have the one brick). We charge the brick publicly and if our phones need charged when we are out like the brick did we just plug into the brick. It still rocks a usb micro b port it's so old, but we got it tested and its still at 18000 mah compacity. It was NOT CHEAP when we bought it lol
Actually, I bring power banks because most public charging points (or electrical outlets) at airports are broken, inconvenient, or both.
And if they do work they are usually slow and/or out of date. Public spaces should provide power outlets not USB ports.
I always bring a 20Ah powerbank with me and charge them at public USB (and maybe charge the phone via PB at the same time). So there's no way to hack a phone that way.
But mostly I don't use them at all becouse they're usually very slow and inconvinient (if they're work at all)
and usb c is much faster and i have a power bank with me anyway
Or there are Like two of them in the entire Airport and Always hogged
Yeah here in metro / trams there are USB power sockets but there's always a risk of hacking when usb has data wires too and also on each station it gets turn off and gets turn on after metro starts so frequent charging and discharging
Juice jacking is real. I once tried to charge my phone at an airport and someone stole my Capri Sun.
This... Just made my day, thank you.
n-no, not the capri sun! No! NOOOOOOOOOOOOO!
Capri sun isn't even real juice
@@C4Ti0 thank you for your input honey
HAHAHAHAHA
And that's why i tend to have a lot of powerbanks. And use public USB chargers to charge powerbanks instead of my phone.
But what if they hack your powerbanks and use it to gain access to your phone once you plug it in?!
@@argylleagenpowerbanks dont even have a way to transfer data, not even an OS or anything
@@nov1st /woooooooosh
@@superblaster01 how tf is it a joke, the comment seems more like actual stupidity than a joke
Actually I just bring a nuclear reactor with me. That way, I can power my portable phone, laptop, oven, microwave, and house
most likely if we saw an attack like this in the wild, it would target specific popular older devices that aren't patched. it's not all *that* difficult to look up old CVEs and write software to take advantage of them; the CVE itself usually explains exactly how the attack would work. the big problem is the range of devices and how different they all are. so it's very possible that this method could be used as a vector for attacking older or unpatched iphones or samsung devices, as these are both fairly popular targets and there are plenty of people running them on old firmware versions. the biggest challenge would probably be not getting caught screwing with public chargers, but this isn't an insurmountable challenge either.
Most public chargers are only used in a pinch anyway. Many people prefer power banks because public charging outlets are usually on the old standard where it's limited to 1.4a per usb connection and, if multiple people are using the charging outlets, you can be throttled to even less power because it has a power supply that can supply power that's less than the possible full demand of all the connections.
@@ianbelletti6241 Yah, if I know I might be somewhere long enough for charging to be an issue, I'll bring my own charger that I can plug into any old outlet. ...And/or charge my phone in my car on the way there.
More concerned about the port frying my devices, this could be someone simply acting out of malice, or even just a faulty port (are hotels really going to go for the most expensive ports with lots of protection?).
Surely that's not possible? USB cables can only throughput so much charge. If a port were to overload it would just kill the port, not the device.
@@BassLiberatorsever heard of the USB killer?
USB has fuses on both ends. USB killers are specially designed repeated high voltage burst attacks and wouldn't occur from a faulty charger.
The only thing hackers would achieve is a loss of reputation of whatever business had the charging port, I'd be much more worried about your phone getting stolen or something.
you could also use a usb data blocker which physically has no connections to the data pins, or you could make a cable serving the same function by cutting through the data wires
Isn't the downside that the device then cannot request faster charging?
@@K-o-R I doubt that some public usb charging port will offer fast charging
i have those squid cables with micro usb, usb c and lightning it charge fast even though no data
It's called a USB condom
One of the things my GF always tells me on the bus is that they're not power-surge-protected, and that a ton of people have experienced battery issues after charging their phone on the bus. That's the main issue that I have, and it's often overlooked. I never hear this point being brought up in any of these kinds of videos.
We get it, you have a GF
@@WillyJunior lol? I'm mentioning my GF as she used to work in a phone repair shop and repair said phones
@@loyalorange503 I APOLOGIZE GOOD SIR. Have a great day 💖
"Someone with one very specific model of phone would have to plug into their charging station."
Which is incredibly easy to anticipate if it's an iPhone.
If something is potentially dangerous then you should always treat it like it is dangerous, taking the precautions to make it as safe as possible.
The problem with that theory is that everything is "potentially" dangerous. Risk assessment should be done, but sometimes you just to roll the dice and less dangerous things
@@firesliver7 My approach doesn't preclude doing risky things, it just promotes taking reasonable steps to mitigate the risk. Helmets for bicycles, a weapon for home defence, excess supplies when camping, a USB protector when plugging into public ports, that sort of thing.
Well going out to the street is potentionally dangerous.
And the manufacturers have already taken the precautions. That's why phones don't allow data transmission over USB without explicit permission from the user. Despite this blowing up in the media recently, there has still never been even a single case of this exploit in the wild.
What's really telling about this, is that you have law enforcement agencies warning people that their phones will be hacked if they plug into a public charger for even a moment, while at the same time lamenting that they can't break into phones in their labs with dedicated equipment and weeks or months of time when searching for evidence. Those two statements are completely contradictory!
If you're really worried about this... I insist that USB data isolators (or whatever you call them), power banks and all connectors should be in transparent cases. Otherwise, we cannot know for sure what is inside them.
Lol that won't help much. You can hide basically anything in cables and circuitry
*I bought a USB 2xA and 1C it says 65W and yeah the phone charges pretty fast on the USB A but the USB C is charging my camera really slowly, slower than when the camera is plugged into the laptop*
Power banks ftw, honestly. Its a thing for many years now. Cheap too. 20 bucks for 10 changes of a modern expensive phone. If that ain't cheap, i dunno what is. Spend 40-50 bucks, and its even better.
Thanks for the explanation! The easiest way to not get "juice jacked", is to use power banks or to use a "power only-USB-cable", the added benefit, they are most times cheaper than normal ones (to check if your USB cable is "power only" try plugging your phone with the cable into a trusted device that can read/write data (PC for example), if it can't be "connected" due to the cable, you could be more certain that its a "power-only-USB-cable"). (A power-only-USB-cable is a cable that has only the power wiring of the USB-port, when there are no physical data connection wires.)
No, the easiest way not to get "juice jacked", is exactly as they show in this video, to use public USB chargers as normal, and simply not go through the hoops of enabling USB data on your phone. As he says in the video, no attack has ever been seen in the wild, because it's completely impractical, and because phones are hardened against exactly this type of attack.
this comment is stolen
Another option you can use if you're paranoid is to get a "USB condom", a special adaptor that plugs onto your phone's syncing cable that blocks data signals but allows power to pass through. You can also buy charging only cables for lightning and USB-C you can use over the regulator sync cable for your phone.
Years ago, while going through a contentious divorce, my phone was imaged by a data forensics service as part of discovery. It was a then new Pixel model and proved a bit tricky to do because it had a habit of rebooting in response to the attempts
But if you use a charge only USB cord (for Android) you're safe
Technically possible yes, but someone would have to be either very stupid or desperate to waste such a good exploit on this.
Also considering the many variants of fast charging out there, taking your own cable + brick seems like the best solution
Also while technically possible, there are no confirmed instances of this actually happening.
Love the early 90s throwback: "All Your Data Are Belong To Us"
Yessss. Loved that reference
I'll give you a tip to avoid data transfer. Buy a long (8t or more) very cheap cable, like dollar store cheap. Those are physically incapable of data transfer, you can test it by trying to connect it to your pc, nothing happens.
Top tier tip: if you want a charge-only cable: buy a charge only cable! What a life hack xD
3:10 this is an example of a very sophisticated attack, i mean look at those Wingdings.
Get a charge-only USB cable?
not to mention your sponsor directly, but they sparked the idea;
Can you do a short circuit on the eco systems for RGB/fans like corsairs ICUE? there's a lot out there and some have interoperability with others/ without. I feel LMG would be able to explain it well for the average person that wants to:
A: spend extra to make their PC look ballin/sound silent.
B: not spend extra, extra to have multiple controllers to control each ECO system.
C: know the actual performance hit for the software involved.
I know C has been done several years ago on this channel to some degree. However with labs needing to earn its pay(lol), and many of the software suites involved having matured(in theory). current performance metrics deserve a recap. As I recall, some were super bad, but may be more/less impacted by modern/older hardware.
It could easily be a video series redone every couple years. "visual PC systems" or some such. Its a very seldom covered topic I believe you all could do well; thanks in advance.
PS. I have a friend who spent less than 700$ on core system components, but bought all Noctua shiz for sound.. There's a lot of people who spend the money for "nice to haves" instead of maxing out raw power... that's why i buy mac laptops. Don't make fun of me. but here's some anecdotes for why this video idea matters.
PPS. I spent more time editing this comment than writing it.
After all this time editing this, I still did not capitalize the first word of the whole thing :(
With most modern processors now having so much more performance compared to their previous gen (especially on desktop) i think it shouldn't be that hard to keep this app in the background. I mean there's a lot of people who just kept the browser open and then went to play a game and that is still fine too. As for nice to haves, well they are nice to haves, if they like RGB they can decorate their PCs with RGB, If they want super silent fans then they can do that too. Same as people putting spoilers, body kits on their cars even though it won't give any performance in normal day to day use. Mac laptops (pre M series era) are not that great at maxing out raw power, yes their OS are much more optimized than windows, but they also made a laptop with no cooling (macbook air 2020). Which will made it throttle instantly the second you give something heavy for it.
2:06 skip ad
This is technically possible.
But, remember that most of the times USB chargers are under eyesight from security, being it the owner of the place or security cameras. If someone would try to hack them they would be probably be spotted soon enough.
"blue raspberry"
Riley said it like he's Batman 1:00
3:51 that specific high value target xD
Use it to charge your charger. You can also use a charge-only cable with no data line, kind of a hassle though.
But what if they hack my charger?!?
@@SF2K01 The newer ones with intelligence built-in are a worry. Especially if it has a Ras-Pi in it. For travel, use the old-school type that just has a battery and basic circuitry. That's actually the only type I have. If I need volt/amp readings, I use a multimeter, which can be used for many other things.
3:53 this shot is art.
I would be a lot more concerned about fake charging stations designed to kill your phone. We've already seen devices that look like a USB flash drive that are just a bunch of capacitors that build up then discharge all at once to kill your computer or at the very least your USB bus.
I found a 2 week old Sausage Egg McMuffin in a fridge and attached it to my head as a hat and drive around waring it
The video: You can't be hacked through a charger.
The comments: Everyone sharing the products they bought to prevent charger hacking.
Blue Raspberry 😂 I get that
Not as dangerous as... public wifi
This comment is sponsored by Nord VPN
You know what a public wifi is right? It's line a wifi... only its public. 😏
Or you can use cables that only have leads for power, at the expense of a slower charging. Anyway, I always carry some beefy powerbanks
I have a charge cable and the data lines are not connected. Two resistors on on end to D- and D+ to ask for 500mA. Other end disconnected. No data transfer possible. Phone charges slowly.
03:54 that shot of Linus is priceless hahahahah
At 1:16; that’s just a Pi-like SBC, not an actual Raspberry Pi since some components are not the same and the board color is red instead of green.
Wouldn’t it be easy to mod a cord so only the charge pins are active eliminating virtually all chance of juice jacking? If so Linus and crew ought to post a list of such available cords or an instructional on how-to modify a regular cord…
That is a charge only cable, and there are adapters usb c female usb c male that also do that, they only have the charger pins
When I hear the term juice jacking, I always think of the Lunk Alarm at Planet Fitness for some reason. 😅
Use a power-only USB cable, or just tape the middle two pins of the USB type A connector with electrical tape. Pins 1 and 4 are power, 2 and 3 are data.
good thing one of my usb-c cables is broken for data transfer but still charges. good to see one of my broken tech still serves a purpose. is there a way to mess with ur cable intentionally?
Seems like it would be good to have power only cables
the main proplem whit those is that you may not get the full charging speed the phone is cabable of.
@@mr.battlecats5512 how likely would it be that the outlet would support fast charging anyway?
Reading through the comments on this video, it appears that almost nobody actually watched it! You spend the whole video explaining why people shouldn't worry about this. And yet all the comments are people worrying about this.
You're the first person I've seen to actually expose this whole ridiculous thing, most people are so paranoid about this, despite phones not actually allowing it.
But my Samsung phone always asks me when I plug the cable to my pc if I want to transfer data or charge only so how would the steal my data when I select charge only
Juice jacking is not limited to hacking. Most phones, when connected to a PC will work as an external storage device.
Some of those charging stations could simply be making a copy of that data which may contain personal information and photos.
Not every ‘hack’ needs to be sophisticated. Sometimes the easiest ‘hack’ is the most effective.
For android that would only work on older phones. Newer ones default to charging only when connecting.
If you plug in a cable that does only support charging (like the apple mac usb c or usb c to magsafe cable) you can charge without hesitation. Is it so?
there are cables out there that don't transmit data, idk if you can buy them because the ones that I use came with my jbl headphones
Or you just use data blockers (they are around 1-2 dollars) and just connect the charging lines physically. The communication is handled from a chip in the adapter, not your phone directly, and you are absolutely safe.
there are adapters for this purpose that connect between the cable and the outlet, they only provide power, no data connection
love that specific value target bit XD
Alternatively, you can carry a USB cable with no data contacts on it
I don't know if it's just me or the video is bugged
And why does its resolution only go up to 720p
3:53 - Got me 😅
"All your data are belong to us" - nice reference!
The high value target made me laugh out loud for real. congrats. Legit rare that happens lol.
I feel like a simple solution for this could be an adapter that simply doesn't make data connections between the cable and the phone. Since it would just be a few electrical connections it would be pretty easy & cheap.
I hope this does not happen with wireless chargers since it uses nfc and nfc can be used to send and receive data, I don't use wireless charging because it's too slow and makes the phone hot. There are already wireless charging stations and hackers might end up embedding a chip on the wireless charing stations to hack people with air drop capabilities to have access to peoples phone with using nfc to send and receive data. It's something to consider since convenience is used for most things nowadays.
Does having USB debugging enabled make a difference? I suppose it's a slightly larger attack surface that way
Im sure that does have an effect.
You have to allow the connection first.
I never understood these. Why not just an outlet? For foreigners without an adapter?
what if you use a cable with only + and - with cut data lines?
Would turning off the device while charging not be a solution?
Define 'off' ;) On most electronic devices these days there's no physical on/off switch. There's perhaps a button that turns the device on/off but that's just done in software. This means the device is always 'on', pushing the button just tells the device to power up all the way or go back to a sleep/standby state.
For debugging purposes as well as accommodating repairs, most phones can still be (partially) accessed over USB even when turned 'off'.
Now if you remove the battery from your phone then yes, that's pretty much as off as it can ever be. Most people however can't or won't remove their battery ;)
Could you do one on safety of using nfc/ nfc on phone?
I just charge my phone at night so I don't need to recharge it during the day. The only time that doesn't work is when I'm on vacation and go through more battery life, and at that point I just head back to my hotel room and recharge it.
Couldn't you use a modified usb cable with the data lanes removed?
What if you only use a lead with the positive & negative connections without the data pins connected, that would save carrying a powerbank, wouldn't it?
This "Juice Jacking" thing is why I always have a powerbank on me. I can charge the powerbank from the public USB port and thanks to it being a powerbank; it's too dumb to get compromised. Meaning that I can safely use that powerbank to charge my phone or other portable device should the need arise
So what you're saying, is that you didn't even watch the video that you're commenting on?
I carry a 20,000 mAh charging brick with me when I travel. Never needed to use public charging stations anyways because they're always full.
Why not just power down the phone before plugging it in? And leaving it off until it's finished charging. It'll charge faster and I don't believe any data can be exchanged while it's off.
Never use public USB ports. Someone can steal information with that, and you’d never know.
Just get any power bank to bring with you when you’re on the go, Anker most likely still has a good 20,000 mAh one for 60 CAD or so.
4:08 well, actually, I don't think it would be too difficult to make one, with the right know-how, for under $10
Why not just hack a usb cable cut the data lines 🤔
Unless of cause 5v is not powerful enough.
But what if you just turned off the device before charging?
or is there access afterwards?
Thanks for the video!
cant we have a substandard of USB that is ONLY power delivery and not have the data wires? this seems reasonable for older school USB, not sure about C
The whole reason USB can charge devices faster these days is because it can communicate between the charger and device what charge standard should be used.
Removing that you'd then be stuck with old-school slow charging...
The other issue here is: you'd have to either have two ports on your phone: USB C for charging/data and USB C for only charging, no company will want to sell a phone with multiple identical connectors. The alternative is some other port for charging, meaning we go back to the mid-2000s where you'd be carrying multiple chargers for each type of device...
If the security is built into the public charger; how do you know it is safe? If they put up a sign 'this charger is safe', does that mean anything? Nope. In security, you cannot blindly trust a public charger to be safe, it might still have a data connection. This is why you'd have to have 2 ports on your phone.....
@@someguy4915 you're missing the point though. of course you wont be able to use data so that the device can communicate with the power source to get super speeds. its a public port. surely there's some sacrifice.
and since most public ports are USB A anyway, we wouldnt be losing much in the way of having to have a USB A to C or A to micro cable.
No need to have two ports on a phone, no need for multiple chargers.
EDIT: maybe you thought I meant that the phone itself would have a PD only port. No, I meant that the wall plug could be a PD only female USB A.
@@abudhabikid No that's exactly my point. If you do not trust a public charger, why would you trust one that is supposed to be data only? Should the current ones already be data only anyway? :P
If you're using the same port on your phone, that port that also allows data (or at least CAN allow data), you're 100% trusting the public charger to not try anything like hack your phone.
There's no difference between current day public chargers (promise to charge your phone) and your idea (chargers promise to follow a standard that promises to only charge your phone), both are fully based on the same trust that the public charger is safe.
The only way to make your idea work is to have the security built into your phone, so as I said one USB C port is the same as currently on phones and another port is next to it that does not have pins to allow data.
That way you're trusting your phone to not be malicious, which you already trust with your data anyway so it better not be malicious. What the public charger does at that point doesn't matter as the security is in your phone, not the public (untrusted) charger.
To draw a (rough) comparison; your idea is similar to saying: strangers might be untrustworthy so lets have a law saying that strangers aren't allowed to steal your wallet. Pickpockets are still going to break that law(or standard) :P
The next point then naturally is: having two ports on your phone makes little sense. The solution to this already exists in charge-only cables.
As long as it is your own cable you know it hasn't been tampered and so should be safe, rather than trusting the public charger (or strangers in my comparison).
@@someguy4915 fair, however:
if we had this as a public charging standard, normies would plug their shit in either the same amount or less (because they might be made aware of security implications in a more frequent sense). similarly, those in the know would either continue using their own bricks or MAYBE inspect the public port to ensure that its only the two charging pins. so no, i think it would only help. maybe marginally.
You could carry a USB charge cube and USB cable. I am more worried about unfiltered power spikes on USB ports then "Juice Jacking."
I really hate the term "Juice Jacking." It sounds like a team of 12 years came up with it.
if your worried about this. the best thing you can do is bring your own cable and power brick and a powerbank anyway
I was having trouble with my battery lasting all day so I bought a battery case. It only makes the phone a little bit bigger than a standard case. My device will now last all day of listening to music and watching videos.
Why can't we use the same security protocols as in wireless communications which are completely open?
Because such a standard doesn't exist on USB as it would break compatibility.
Also because WEP and WPA were broken decades ago, WPA-2 has been deemed unsafe for several years now and WPA-3 is only slowly becoming more common. So even Wifi security is somewhat questionable.
If they'd implement this we'd be going back to each phone manufacturer having their own 'crappy' app on PC/Mac and hopefully Linux to access your phone...
inb4 we start getting ads for "secure" cables for 299 each
I would put line voltage through the data pins. A little zap here, a little zap there...
Considering today’s data handling capabilities especially with countries like China (Hong Kong is a major travel hub), “paranoia” isn’t something you should attach to the data-safety of individuals. Since most public charging stations are run by big companies who see their shareholders as their true clients and thus will cut corners with anything to save some money, it would be pretty easy to ‘accidentally’ break a charging station and get the cheapest labourers they hire to install a harmless looking small box ‘to prevent further problems’.
Also, it’s pretty fu€king unprofessional to call people paranoid. Hope you reflect on that.
I always brought a wall charger with me and a power bank when on the move...
And this is why I bought a power bank, I'm not risking plugging in my phone in public and getting a nasty virus on my phone.
There's those portable chargers to use known as "power bank" .....I think the ones made for iphones should be called "apple juice" 😂
"As of April 2023 there have been no credible reported cases of juice jacking outside of research efforts" -wikipedia
Another thing one can protect from this is using a USB cable for charging only and can't carry data I own a few and tested them
Or just buy/build sleever. 2 opposite USB connectors, connect power pins with wires, and you're done.
What about turning the phone off while it charges?
wasn't this video already posted just a few weeks ago?
we bring a Charging Brick in my wife's purse/ my backpack (it's and either/or situation, we only have the one brick). We charge the brick publicly and if our phones need charged when we are out like the brick did we just plug into the brick. It still rocks a usb micro b port it's so old, but we got it tested and its still at 18000 mah compacity. It was NOT CHEAP when we bought it lol
I carry my own chargers because too many public ones are either broken or limited to 2amp.
It's about as safe as piblic wifi...
Just buy a cable that does not pass data and only power. Inside a usb cable there are probably like 8 cables. You just need 2 to charge it.
Would it not easy for companies to implement a "power only" mode to there software?
There absolutely is and is commonly implemented
@@oddone_ me, in my apple bubble, never heard it... so yea... in that case xD
And this is part of why i usually bring my own charging brick.. besides screw the very slow USB, QC and PD is where its at 😎
while unlikely, is it worth the risk?
Someone should make a short usb adapter that only uses the charging pins on the female end. That way, no data even CAN transfer
I mean, USB charging is so slow I don't know why anyone would travel without a brick
As risks go you are more likely to connect with a rogue wifi access point
i just want to show my outmost appreciation for Riley... my GOD he is such a good host, and handsome too!
I use a power bank simply because public charging outlets tend to charge slowly.