Don’t Just Go Sticking That Anywhere: Protect The Precious With A USB Wrapper

Oooh, look, a public charging station. Should you trust it? You might get juice jacked. Oh wait, you’ve got a USB Wrapper designed by [Scasagrande] to deny access to your datas.

This project was inspired by the USB Condom, but the problem with those is that they completely cut out the data lines and limit the charge rate to USB 2.0 (500mA). The data lines are used to communicate information about the charger’s power sourcing capabilities to the device. Many manufacturers short D+ and D- together, but Apple applies specific voltages to those lines.

[Scasagrande]’s USB Wrapper gives you options. You can set it to Dedicated Charging Port, Sony, Open Circuit, or Apple. The super-cool part of this hack is for you Apple fanboys. The bottom slider lets you emulate any Apple charger and use any USB cube (including one you may have made) as long as you have that funny cable in your messenger bag.  The hardware is open source and available at [Scasagrande]’s repo.

Make the jump to see [Scasagrande]’s nicely detailed video about the project.

[via Dangerous Prototypes]

60 thoughts on “Don’t Just Go Sticking That Anywhere: Protect The Precious With A USB Wrapper

  1. Hah, sweet! I’ve built something very similar for myself and several others, but not gotten around to documenting it. But if it ain’t shared, it ain’t shite! Props to all who publish their ideas.

    1. ‘Cause sometime you won’t find a mains plug, but just the USB charging station. Even worse, you might be spending a few hours in an airport abroad, where they use some funny shaped mains plugs.

    1. I believe Android phones are secure in the default configuration. (Don’t leave developer mode turned on if you’re traveling.)

      I’m honestly surprised iPhones can be compromised silently from USB. Does someone have a link to the vulnerability disclosure?

        1. That article is 3 years old, plus his information is older than that. when they did this trick at defcon it was done to 4 year old phones or older. Talking iphone 3GS and early paleo era android.

    1. That will protect you from malicious chargers, but that will not activate full charging speed on all devices. So although most will check for the shorted data lines (as per the USB charging spec), Apple devices (and a few others) do not. They look for specific voltages on the data lines to determine the charger’s capabilities.

    2. Except that this won’t work for anything made by apple.

      I think it would be better to just modify the usb connector at the male end, it is big enough for small SMD components, make a small circuit that powers the data lines from the main power, it would only take a couple resistors and some diodes.

      1. It does work on Apple… I bought a 3 amp usb charger but it would only charge my ipad at 500mA. I got a usb extension cable, cut the middle, shorted the data lines. Boom, full high charging :)

  2. Where are these public USB chargers? I dont think i’ve ever seen one in my life in Chicago. I’ve seen plenty of AC outlets, but never a USB one. And if you’re really worried about something bad happening when you plug in to a public outlet, I’m guessing this does nothing to address the possibility of 120VAC being attached to the data/power pins.

    1. It’s not super duper common but I’ve seen them around. Airports, some tech conferences, and some malls are places I’ve seen them.

      But no it does nothing for that kind of malicious charger. But its a good idea and perhaps I will add that in the future!

    1. There is a different way. What if we intentionally make a bad connection on the data line for USB data communication, but let the charging voltage/short detection can pass through?

      USB Charging spec allows for 200 ohms max between the D+/D- for charger detection and up to 1nF between the data line to GND or VBUS.

      So a good starting point is have a low pass RC filter of 100 ohms/1nF (f0=1.6MHz) in series with each of the data line and still within USB Charger spec. The other possibility is to have the full 200 ohms on one of the data lines to get the maximum high frequency attenuation.

      The charger detection only look at the voltage levels. i.e. it operates close to DC in the frequency domain. Apple chargers have tens of kilo ohms of source impedance, so a couple hundred ohms would have no effects either.

      It is very unlikely that a smart phone/tablet would connect at low speed (1.5Mbps). May be the low pass filters degrade the communication for Full Speed/High Speed enough to not have the device recognized by the evil host?

  3. To be even more pedantic: Cutting the data lines limits the charging current to 100mA. Per the original specification, a device may not draw more than this amount until it has communicated its higher power needs to the OS (using the USB data channel) and got the permission to use more (so that the OS may keep track of power consumption and disallow overloading). Only the more recent specifications have provisions for higher power from dumber sources.

    (Not that I would want to imply that there’s a sizable portion of devices out there that actually implement this part of the spec correctly. With the exception of Open Source devices, like the OpenMoko phone, most hardware seems to disregard the power limits and happily draws 500mA, and more if necessary, with or without the OS’s blessing.)

  4. I need this now.

    BTW, just curious, why did he choose a micro B on the power side? Wouldn’t a male A be more convenient so you can plug it directly into the USB socket? A female A could work, too, so you can use an extension cable, but that could be confusing with the device side.

        1. The thicker PCB and gold plating for the PCB contacts required to do this would cost you extra vs a regular PCB.

          Not much of cost saving for skipping the connector as they cost around $0.20 each (at QTY 10) from DX. I am sure you can get them even cheaper elsewhere in volume. The metal shell allows mechanical latching and some level of ESD protection as the contacts are not exposed as in the case for a PCB A connector!

  5. I would put an ATTiny in this to detect the voltages at the USB data lines from the “charger”.

    – Detect 2.0V/2.8V for Apple chargers via the ADC pins.
    – Detect if the data lines are shorted. If both lines reads the same voltage, chances are that they are shorted. Drive a know logic on one of the data lines and see if the other one has the same logic level.
    – ATTINY enumerates as as a 500mA device, if that fails as 100mA.

    On the data lines to the phone, a dual 4:1 analog mux e.g. 74xx4052 can be used to connect the various combinations of voltage dividers, shorting data pins or open to the phone.

    The phone’s data lines are isolated from the charging source regardless of what is at the input. This also gets rid of the mechanical switches etc.

    1. I wanted to make the first version as simple as possible. Plus this has the advantage of allowing you to select the setting you want in order to override the charger. Your solution would still require some sort of user input (through tactile buttons or otherwise) if you wanted to do the same.

      But yes, I’d like to do something with an active USB device on the power side to allow for full enumeration.

        1. Exactly. If you’re at a public charging station with your latest iPad, you have no idea what the max output of the charger is. With this you can try a few different settings to find the highest rate that works. Maybe that’s 1A, or maybe 2.1A. Its either that or 500mA with the shorted lines.

      1. The microcontroller should be able to detect the different dividers settings read from the charger and duplicate that (outside of actual USB bus traffic) on the mobile phones side. Your legit Samsung 1A Cube is not going to be saying that it can handle 2.5A of charging current, so your iPad would be default to whatever it can charge at when the Apple “protocol” is not supported – most likely 500mA for shorting the data lines as that’s part of the USB charging specs.

        Some additional safe guards can be made by monitoring the USB bus voltage and observe the droop as it is loaded to determine if the charger is really telling the truth about its capacity.

        Letting end users arbitrarily set higher charging current rating than what the chargers can deliver is asking for trouble and you as the designer would be liable in some countries.

        1. The entire point of my project is to let you charge at whatever rate you want. If you exceed the abilities of your source the voltage will sag below the USB voltage spec cutoff. Some devices actually use this to self regulate their charging rate. An example is the Blackberry Playbook where it tries a few different charge rates and checks the voltage sag.

          Everyone who buys one gets a nice big arse warning saying not to exceed the chargers rated output.

  6. Nicely made PCB. A couple of under/over-voltage LEDs would be handy to check the regulation of the source before starting charging. Shrink the whole thing and put it in a box, and you’ve got a useful gadget.

  7. @tekkieneet: How can you be contacted? I’ve been on your WordPress blog and left a comment on your About page with my email address, and would appreciate if you could get back to me.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.