Everyone is familiar with this situation: a smartphone or tablet sits down, and the charger is left at home. Why not borrow it from an airport lounge neighbor or a hotel receptionist?
Cybersecurity experts say it’s a big mistake to do this these days.
“There are some things you can’t take from others,” says Charles Henderson, a security specialist at IBM Security. – If you found out on a trip that you forgot to take underwear, you would hardly borrow it from other passengers. You would go to the store and buy new ones.”
Henderson runs a group of hackers that clients hire to break into their own computer systems and expose vulnerabilities. Because cyberhackers have learned to plant malware in charging cables that can remotely take over devices and computers, Henderson and his team sometimes use one trick to teach customers to beware of other people’s chargers.
“For example, we send someone a fancy iPhone cable in the mail. We send allegedly from the seller or partner, which is listed on their website. We send it and wait to see if a person will use it,” he says.
At a recent DEF CON Hacking conference in Las Vegas, a hacker named MG showed off a modified iPhone connector. With it, he connected an iPod to a Mac, obtained an IP address remotely, and completely took over the Mac. MG has shown that it can then “kill” the planted software and erase any trace of its existence.
Such modified cables were sold by an enterprising hacker for $200 each.
Henderson says this threat is not yet very widespread.
“But just because we haven’t seen a massive attack of this type yet, you shouldn’t think that we won’t see it. This is a very real threat,” he explains. “This is a very compact and cheap technology. Over time, it will become even cheaper, and it is already impossible to distinguish a fake cable from a regular one.”
Henderson says it’s much more dangerous these days to use public USB cables to charge devices, such as at airports.
“We know a couple of cases where people have modified charging points. I don’t mean an electrical outlet, but a USB port.”
Henderson’s general advice is this:
“Watch where you plug your devices is basic tech hygiene. Just as you don’t open suspicious email attachments or reveal your passwords, don’t use someone else’s cables.”
Many travelers know that in a pinch, you can go to the hotel desk, and they will always have a full box of chargers forgotten by previous guests. But resist that temptation, Henderson says.