1. Home
  2. UK Do-It-Yourself Forum
  3. USB risk (slightly OT)

USB risk (slightly OT)

formatting link

FFS how difficult would it be for IOS / Android to pop up a message saying "Is it OK to talk to this port, or should I just get power?"

Reply to
newshound
Loading thread data ...

iOS does - if it hears data on the line it pops up "Do you want to trust this computer?", and if you say no it'll just take power. Since 2011, I think.

Cheers - Jaimie

Reply to
Jaimie Vandenbergh

Journalists!

:-)

Reply to
newshound

Oh, The Inquirer, they're always reliable. And Kaspersky, they've definitely never tried to spread FUD to sell you their security gear.

At least Kaspersky make it fairly clear that what they're talking about is the USB device acknowledgement handshake, which *has* to be provided otherwise your kit isn't USB compatible. And part of that is a unique identifier like the MAC on a network card.

Then they bait and switch halfway through the article, going from "Android and Apple Phones Are USB devices That Talk USB shocker!!!!!1!!" to "a smartphone" without any detail as to what model or OS. Nice.

Cheers - Jaimie

Reply to
Jaimie Vandenbergh

My (stock Android) phone does that.

It starts off doing power only, and you ca pull down a menu with the other options (file transfer, photo transfer, MIDI).

That's a Nexus 5 with Android 6.0.1.

Reply to
Bob Eager

Mine - ancient Android - does.

Reply to
Adrian

This is an old story. And it can't be fixed.

Device says "I am an Apple keyboard". iOS says that's alright then...

A few chosen "keypresses" later and you've been pwned.

It's the same on all operating systems, with various devices. MS's autorun is perhaps the worst.

Andy

Reply to
Vir Campestris

Sure, hardware access almost always gives you ownership of the device - although Apple at least are working hard at making that untrue, with encrypted storage, signatures on all executables, and encryption keys that are only accessible with a microtome and scanning electron microscope. I don't follow what other manufacturers are up to.

But that's not what this story is on about. It's just FUD. There's no info here that can't be tracked much more easily by listening to the devices cellular communication/wifi/bluetooth footprint.

Cheers - Jaimie

Reply to
Jaimie Vandenbergh

Thats probably why windows doesn't autorun by default these days.

Reply to
dennis

That appears to be a trashy website for the hard of thinking. Does anyone here have anything good to say about it?

Reply to
Rob Morley

I was there when someone plugged an iphone 4 into a PC, and after a bit realised the PC was downloaded data in bulk without any permission or knowledge. Lots of people still use 4s. So that much is certainly real.

NT

Reply to
tabbypurr

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.