Remove Security Issues From Untrusted USB Connections

USB has become pretty “universal” nowadays, handling everything from high-speed data transfer to charging phones. There are even USB-powered lava lamps. This ubiquity doesn’t come without some costs, though. There have been many attacks on smartphones and computers which exploit the fact that USB is found pretty much everywhere, and if you want to avoid these attacks you can either give up using USB or do what [Jason] did and block the data lines on the USB port.

USB typically uses four wires: two for power and two for data. If you simply disconnect the data lines, though, the peripheral can’t negotiate with the host for more power and will limp along at 0.5 watts. However, [Jason] discovered that this negotiation takes place at a much lower data rate than normal data transfer, and was able to put a type of filter in between the host and the peripheral. The filter allows the low-frequency data transfer pass through but when a high-frequency data transfer occurs the filter blocks the communication.

[Jason] now has a device that can allow his peripherals to charge at the increased rate without having to worry about untrusted USB ports (at an airport or coffee shop, for example). This simple device could stop things like BadUSB from doing their dirty work, although whether or not it could stop something this nasty is still up in the air.

30 thoughts on “Remove Security Issues From Untrusted USB Connections

  1. sounds like a good idea.

    I have not read the article yet but I wonder if its better to filter/forward the negotiation or just proxy to a local ‘dummy’ who always asks for the max current. there’s not a problem in asking for max current; you only take what you use, anyway.

    blocking data lines does sound smart.

        1. USB filters with GSM modules embedded? Or you’re worried that maybe they implemented a boost convertor on the power line accidentally and might fry your phone?

          Or just that they wouldn’t work, which seems easy enough to test?

          1. Could just lay dormant then when there is no activity for a while inject an exploit in the connected device, and then go on pretending to just protect you..

            Oh and talking of which, it’s known that the NSA intercepts shipments to targets and replaces data carriers like DVD with infected copies. So think about that one too.

    1. This won’t work on some devices. The PS3 controller, for example, would not charge at all unless it could negotiate with a host. You couldn’t even use a cell phone charger and get it to slow charge at 100 mA. It just wouldn’t do anything without the handshake.

  2. Great execution, but seems way overthought. Just get any one of the USB fast-charge adapters available on Amazon. Completely blocks the data lines (USB doesn’t even attempt to enumerate, doesn’t show “USB Device Not Recognized” error) and allows peak charging speeds as supported by the device: http://www.amazon.com/PortaPow-Charge-Block-Adaptor-SmartCharge/dp/B00QRRZ2QM/ref=sr_1_1?ie=UTF8&qid=1435090574&sr=8-1&keywords=usb+fast+charge+adapter

  3. Most Devices use DCP. Apple, BLackberry and now Samsung do not. So shorting the Data lines at the Phone will not work for all phones. Check out BC1.2 Specification and also look at charge Control Chips by TI and MIcrochip.

    1. Some iOS devices actually recognizes DCP. Unfortunately they would only charge at 1A instead of the 1.5A. Apple chargers comes in 1A, 2A, 2.4A capacities, so I guess they are too lazy to make a 1.5A charge profile for it.

          1. Also, $19 *is* overpriced (my dollar store has “lower but ok quality” ones for $3), but it’s a much better cable than 99% of USB cables out there. It’s not only more durable (and has a reversible lightning connector and all), but unlike cheapo USB cables it can actually do 2.4A without dropping a ton of voltage (good wire gauge on the supply lines). Everyone who has worked with USB chargers implementing the DC 1.2 spec for higher currents knows this… USB charging is a huge PITA, even using specialized ICs.

            Then again, this is a complete non-issue:
            -remove data lines and the problem is solved
            -use a charger cube or battery “tank” and problem solved again
            You shouldn’t have too many of these untrusted devices around anyway (I’d replace them otherwise)

      1. I saw $3 charging cables and $2.5 Micro USB to lightning dongles at the dollar store.

        The cable are the same junk I got from China for $2.5, but because of the AWG#28 wires they use, there is too much voltage drop for it to actually charge. I had shorted mine to 2 inches and the drops are still too much. The micro USB dongle would probably work better as you can use much thicker cables for it.

        It is interesting that iOS update hasn’t locked out the charger cable (yet).

  4. Pretty nice solution. My solution to this has lately just been “carry around a battery” — I can charge the battery safely and quickly (no smarts in it to do horrid things to) from untrusted ports, then turn around and charge my phone off of it on-the-go. Admittedly not perfectly optimal (there’s power loss, adding the middle battery), but usually when I need to charge my phone on-the-go I’ll be in a situation where an external battery would be good backup anyway.

    Sadly, my battery (an older Anker pack) does not charge devices while it is being charged (I don’t know if newer models have fixed this issue; I hope they have, but there’s obviously current draw problems potentially, so maybe they haven’t). The battery otherwise does a great job of charging (is very fast for all my devices).

    1. I’ve picked up a PNY single cell pack and a Xiaomi… uh, 5 cells I think pack, both will do passthrough charging though they behave a little oddly. When the packs are fully charged and plugged into a high current USB charger, if you plug say a phone in to charge it should just take all the power going into the battery pack but instead the pack will start to discharge a little, as if the phone is getting 2.5A and the pack is providing the extra. It might just not be properly negotiating current with the charger which would be pretty amusing :P

    2. I too am looking for a pack to use as a UPS for my 5v projects, and I haven’t found one yet. What I want is something that (as long as the batteries are not dead) provides 5v from the wall adapter (and charges the batteries), and if the wall adapter disappears, provide 5v from the batteries.

      To date I have an Anker (does not work, and also Anker shuts down if not enough current is drawn which is the case for arduino projects), and a number of cheap chinese ones which all do not work (have a voltage dip when switching over, or not providing any power).

      Anyone have a usb battery that does this?

      1. Hey! Maybe just use a really, really big capacitor on the output of a Chinese one? I guess that’d work, as long as it doesn’t overload the Chinese stuff on power-on and doesn’t mess with any of output circuitry – which both might happen.

  5. How much capacity could you get out of a battery the size of that little box? Just thinking that that might be a better alternative for some (no need to be tethered to a port).

  6. Thats all good if you are charging off a computer and want to stick with the low voltage charge, but quick charge 2.0 adds higher voltage modes as well. I have only seen my note take it up to 9v, but there is a 12v option as well, and then there is the macbook charger which is 18v.

    Does this low pass filter on the data lines allow these other protocols to work or just the passive detection of voltages and shorts on the data pins to each other?

    1. I’m assuming you are referring to the USB Power Delivery 2.0 spec. (If not, please correct me.) The new Macbook uses USB Power Delivery 2.0 over a Type-C port. I’ve started developing a version of the USB Power Armor for USB-C. In that case, USB Power Delivery negotiation is done over the CC line, which will be connected through. USB Dp and Dm will have caps, and all high speed lines will be disconnected.

      An alternate implementation of USB Power Delivery sends signals on Vbus. The current implementation of my device will allow that communication to go through, and the connectors and components should be able to handle the higher voltages. (I haven’t made final components selections for the production version yet.) However, this implementation seems rare and most new products will prefer negotiating over the CC line in the Type-C connector.

      1. Im just meaning whatever samsung use on the note 4 – They seem to have crippled its charge speed on 5v with whatever they added. its just called qualcomm quickcharge 2.0 on the chargers I have bought. Charger doctor shows it going to 9v at about 900mA on a 70% full battery. not measured it on a near flat one but its significantly faster than a 5V charger ever was on my note 3 to get it up to about 40%.

  7. So… does no one else have an unused male and female usb connector to just solder the power lines only, cut off data lines, shrink wrap and hotglue support (robotics club has taught me well)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s