Feeds

back to article Chap unrolls 'USB condom' to protect against viruses

A US-based chap has invented a gadget he's calling a USB condom. The prophylactic dongle is advanced as protection for the largely hypothetical problem of malware injection from fake USB chargers. Such polluted ports come in two varieties. The first got an airing at Black Hat, where researchers demonstrated a USB charger that …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Now this is a clever idea!

I'm surprised that other cable manufacturers haven't started to produce charging only cables for travel, with a new cable standard, maybe in Day Glo green. Hope he has a patent though this seems unlikely.

3
0
Silver badge

Hmmm, a USB cable minus its data pins.

I'd be surprised if this does get patented since the "invention" is merely trivial.

4
2
Silver badge

Prior Art

I'd claim prior art on that one, it's trivial and I thought of it some time ago. However, full marks to him for making it into a product, although I do wonder how many he'll sell.

The downside is that if used with a proper USB-compliant device, it will only charge at 100mA and not negotiate 500mA (because it can't). If you want to use it with an unknown dedicated charger then it may be even worse because it will behave the same and not take advantage of the 1A typical available from the charger.

12
0
Bronze badge

I think they did. My Bluetooth GPS dongle came with just such a cable, and you can find similar cables all over on eBay. Makes me think that it just never occurred to the manufacturers of these cables that there is a possible mass market for it!

Also, older USB controllers has this stupid requirement that requires the device to establish communication before it would provide more juice to the port. That too may have played a part in this conundrum (USB ports won't produce enough juice unless negotiation and registration has taken place, no market for such cables until 5v chargers with a USB head became common, and even then the device makers figured they could save a few cents by providing one regular USB cable for both charging and data (in other words, being a tightwad).

2
1

Re: Prior Art

I may be wrong, but I thought the clever part was that this device fakes the negotiation just to grab power.

11
1
Silver badge
Boffin

I'm surprised S4qFBxkFFg didn't get many upvotes.... If you really want to have safe clever charging, you need a controller in between that negotiates on both sides what power they want to pass, hence the complexity of this device.

All that your cheap (DX) charging cable will do is either cause 100mA charging, or overload the USB port by making the device draw (for example) 2A from a PC port because he thinks it's a dumb charger.

So clever indeed and NO prior art.... If I had a vulnerable smartphone and travel a lot, I'd get one....

1
0
Silver badge
Stop

Also, older USB controllers has this stupid requirement that requires the device to establish communication before it would provide more juice to the port.

Not stupid at all. If you have a USB hub plugged into your PC USB port, do you really want 3-4 devices all deciding to draw 1-2 Amps each, or to have the voltage fall to 3-4v due to current limiting so that devices start to see errors? The intent of the negotiation is that a device can take 100mA without asking, but should negotiate if it wants more. The host device can then restrict the total to avoid overload.

All the "just snip the data wires" ideas will either leave you with 100mA max (for a well-designed host) or the risk of a burnt-out PSU (for a badly-designed one).

1
0

> Also, older USB controllers has this stupid requirement that requires the device to establish communication before it would provide more juice to the port.

I got around this, when using a dumb USB car charger, by plugging a pound-shop USB hub into the charger, then connecting the device into that.

2
0
Anonymous Coward

Such 2-pin power-only USB cables have been around for years

Many of my cheap and cheerful gadgets came with recharging cables where the USB cable was so thin (obviously too thin to contain four wires) that it caused me to investigate. I confirmed that they were 2-wire cables. So, prior art on the hardware concept.

Marketing it in this manner is apparently clever and new, He should patent the 'Business Method', not the hardware.

Downside is removing the data cables also removes the handshaking that allows higher current. I suspect that the cable will limit charging current to 500mA (?).

Anyone else notice that in Asia they provide public 'Charging Stations' in airports, ferry terminals and almost anywhere. Meanwhile in some parts of the Americas, if you plug into a wall outlet at the airport, you'll be instantly tasered half to death and dragged off to serve 20-years.

0
0
Silver badge

Re: Such 2-pin power-only USB cables have been around for years

"Anyone else notice that in Asia they provide public 'Charging Stations' in airports, ferry terminals and almost anywhere. Meanwhile in some parts of the Americas, if you plug into a wall outlet at the airport, you'll be instantly tasered half to death and dragged off to serve 20-years."

Airlines are catiching on to the idea of charging stations. Depending on the airport, you can find them for your favorite airline free of charge (DTW, for example, has plenty of them at Delta gates). As for doing this more generally, I've given it a thought. Could make for an interesting startup opportunity.

0
0
Anonymous Coward

Re: Prior Art

I thought the "negotiation" was just to short the two data pins together.

0
0
Anonymous Coward

this is nothing new

I have bought about two years ago several of these kind of cables from mail order Chinese companies, costing less than 2US$ each postage paid. The type of cables which have data connections are slightly more expensive. Now they had several versions available, some have a standard USB plug and up to 10 charging connectors for the most popular type of phones, for 2.20$ including shipping One of the companies is dx dot com. So I do not understand why this is such a big invention.

0
1

It's called a fast charge cable

You can buy a 'fast charge' cable for pretty much any popular smart phone now days. They tie the data lines to the power to enable a faster charge. It can only be used to charge the device, not carry data. It's a standard and well known thing.

2
5
Mushroom

No

Fast chargers signal their presence by tying the data lines *to each other*, not power. Tying the data lines to the power would produce amusing results. (Well... amusing to a bystander, anyway. Maybe not so amusing to the owner of the device.)

On the other hand, a USB cable with the power lines connected but the data lines open (not connected to anything) will usually result in the device not charging at all.

1
0
Anonymous Coward

Huh-uh-huh, huh-huh, huh-uh-huh

He said CONDOM

2
0
Bronze badge

Beware cheap cables?

A friend of mine recently bought a cheap USB cable from eBay. He told me that when he first plugged it in (cable only, no device attached to the cable), his PC popped-up an "installing driver" message. He immediately unplugged the cable, threw it away and ran several anti-virus scanners on his PC.

This got me thinking - considering how SMALL they make USB memory sticks these days, it would not surprise me to find that some entrepreneurial b*stards managed to add a small memory chip to the PC end of a USB cable (under the plastic plug cover) and loaded it with malware.

Comments?

4
1
Silver badge

Re: Beware cheap cables?

Ah, the joys of Windows' autorun? First thing (well, almost) you should do is this:

http://support.microsoft.com/kb/967715

And just go for the 0xFF hack to disable EVERYTHING that could autorun.

Still, if the cable identifies itself as something known (e.g. a mouse) then Windows will still install a driver for it without asking for your consent, and it is conceivable that a USB keyboard-like device could be used to inject commands to a system at some point. That sort of attack would also work on Linux, etc, but the attacker would have to know what system it was to successively inject badness.

3
0
Silver badge

Re: Beware cheap cables?

They are out there, beware. Also easily available via the internet

0
0
Anonymous Coward

Re: Beware cheap cables?

Beware expensive ones as well .... there was an item a month or two back that revealed that the reassuringly expensive Apple Lightning cable contains firmware. Think in this case the "datat injection" is probably in the other direction so that new releases of iOS can update the cable with new firmware so that cheap knock-offs that fail to update properly can be refused service .... maybe someone will have to come up with IVF kits for those cables!

0
0
Anonymous Coward

Re: Beware cheap cables?

And no doubt soon there will be "USB protection devices" that come with a "install guide" that explains that when you insert it into a PC it will install "a driver to ensure its protection features work" :-)

1
0
Anonymous Coward

Re: Beware cheap cables?

I'm not sure about this - wasn't the Apple cable doing a format conversion to get the data out? I seem to recall that some kind of limitation somewhere meant that the data out wasn't full resolution because of bandwidth limitation in the protocol converter in the dongle. Whatever the excuse, it looked like the apple was a bit less shiny than usual on that occasion.

0
0

Re: Beware cheap cables?

This had me giggling rather:

http://howto.cnet.com/2300-11310_39-10014002-4.html

0
0

Re: Beware cheap cables?

you mean like these have integrated hardware in the plug?

http://www.ebay.co.uk/itm/USB-to-TTL-Serial-Cable-FTDI-chipset-UK-Designed-UK-Seller-/290973782133?pt=UK_Computing_Parallel_Serial_PS_2&hash=item43bf639075

nice pic has a clear plug so you can see the serial port uart hardware in the usb plug, and i have come across some vender specific cables where they have the driver/dongle embedded in the cable

0
0
Bronze badge

Re: Beware cheap cables?

It occurs to me that I have never actually tried plugging my USB pet rock into a USB port to see if anything happens like that.

Bought from Thinkgeek.

0
0
Bronze badge

Re: Beware cheap cables?

Paul, read again - wasn't my PC. All my boxes (Win or Lin) have autorun disabled, either by default or by force. And you can't teach some people (you don't want to know the amount of software/games/TSRs this guy has on his PC)

0
0

USB condom?

It'll wobble and fall out.

0
0
Silver badge
Trollface

Re: USB condom?

Do you have a bigger one for me?

0
1

Seems like a good idea...

but stuffing a slip of paper in the plug to cover the middle two connectors would also do the job wouldn't it?

2
0

Simple!

Simple fix, Slit the plastic cover on the USB cable, expose the 4 wires inside.

Cut the two wires that arent Red and Black.

Put tape over the slit

4
0
Silver badge

That's called ruining, not fixing.

No, the real idea is to sell all the different formats for USB ports, mini-ports, micro-ports, nanoports and so on. The smaller the port, the more expensive the adapter (isn't that how they calculate the price ?).

0
0

Re: Simple!

That is a vasectomy not a condom.

1
0
Bronze badge
Joke

Re: Simple! OUCH!

Sorry, I can't let you do that DA--

SNIP/TEAR

OUCH! That HURTS.

RIP/CRIMP

That is NON-CONDOMNABLE

END JOY

Ahh, Dave, that is a vahzzzz deferenzzz -- My ports no longer come in two varieties... They EGGZIST in two varieties...

RIP/TEAR/CRIMP

OH, DAVE, YOUR LOVE IS A MANY-SPLINTERED THING..

ONE is the loneliest number that-chul ever...

OH DAVE, ONE SIZE REALLY DOES FITTALL

0
0
Silver badge

Personally ...

... I've never been in an airport that didn't have a handy publicly available AC socket that I couldn't plug a charger into.

Mountains/molehills.

The idiot public with no clue what "security" means absolutely blows my mind.

Enjoy your bliss, folks.

0
9

Re: Personally ...

Depends on your international travelling.

There's a ridiculous array of different sockets at 100, 110, 220 or 240 volts, with different numbers of pins and so forth. 'Universal' plugs cover about 180 out of 200 countries... So if airports can standardize to the One True Port (USB at 5V DC) then that's a win.

6
0
Silver badge

@ Marvin the Martian (was: Re: Personally ...)

My "traveling" universal wall-wart can handle your 90% (maybe more, I've never run across an airport where it doesn't work, anyway). It has adapters to match, naturally.

Question: How many times a year are you in the other ~10%, pray tell?

Don't have one? Metacrawl it. Useful. Recommended[1].

[1] Ta, Jerry :-)

0
1
Anonymous Coward

The website actually says (well now anyway)...

*** Note: We will be receiving next batch of inventory for this item from the factory the week of Monday 16Sept2013.

So could be anytime this week they go on sale.

0
0
Anonymous Coward

Not really a new idea, I've made one myself by taking some wire-cutters to an existing USB cable.

Although infected wall-warts might not be a large scale problem, a some employers don't like staff charging their smart phones from the USB sockets of company PCs, in case any confidential data ends up on the phone. A condom cable addresses that.

0
1
Headmaster

Pedant alert

Please note: "minicomputers" are generally the size of a six-foot equipment rack.

"mini computers", I would have accepted.

5
0
Anonymous Coward

Re: Pedant alert

I was deeply disappointed to learn this. The idea of an AS/400 that had a mains plug on one side and a USB socket on the other (and nothing else) is rather attractive in a weird kind of way.

In a cold winter at one company, once, we used a rack full of old PDP-11s as a large fan heater for the laboratory. People passing the window would be confronted with a huge array of red LEDs and wonder what on earth we were doing. But we were just getting the temperature up to 20C without trying to persuade Facilities that we needed more heating.

9
0
(Written by Reg staff) Silver badge

Re: Pedant alert

> "minicomputers" are generally the size of a six-foot

> equipment rack.

Yeah, we know: a slip of the keyboard. Don't forget to email corrections@theregister if you want errors fixed speedily.

C.

0
0
Silver badge
Trollface

Re: Pedant alert

All right, then, nano- or picocomputers to satisfy the trend.

0
0
Linux

Rubbish!

Those who are saying this device fakes negotiation to grab power are (probably) wrong.

I'd bet it just shorts the two data lines together so the device thinks its plugged into a dumb wall charger and draws the full whack.

I could even claim prior art on this one myself - I modified my n900's USB cable to include a simple switch between the two data lines to short them. Now I can plug it into a PC to charge at full speed (albeit completely flaunting the USB spec), with the added advantage that this also prevents the data lines from being used if I plug the cable into anything untrusted.

0
0

This would be useful for me at work. We have encryption on our machines that will automatically encrypt any drive plugged into the USB ports. Hence I can't charge my iPhone from USB as the internal disk would get encrypted and unusable, a few people have had phones bricked from doing this. This would save me having to carry my mains charger with me!

0
0
Bronze badge

That is hilarious, software that automagically bricks any phones that are plugged into it, brilliant :)

0
0
Pint

Problems with the design

The problem I see with the design is that it isn't USB A male to USB A female, so it isn't a simple in-line job. It looks like it is USB A male to USB mini female, which means one needs a USB mini male to USB mini male cable - which is pretty non-standard.

This http://lockedusb.com/ on the other hand looks quite good. It is truly in-line, it does some stuff to make the connected device charge properly (courtesy of the Texas Instruments TPS2511), although this may cause it to suck too much juice from the host port.

1
0
Bronze badge

Of course if I were the unscrupulous sort.........

Id provide freely available "charger stations" or even modify some one elses free system such as at an airport, then tap into the devices as they were connected

0
0
Stu

a go-between?

If it were me I would have designed a board with a small USB capable microcontroller that could have negotiated a higher amperage from the supply than 100ma,. and acted as a go-between the port and the smartphone thereby protecting from malware infection but still charging a smart device the other side.

It would have to be a very specialised piece of malware to infect a microcontroller USB stack and wouldn't get them very far if they went to the effort.

0
0

Already done

I ordered one of these earlier.

http://www.amazon.co.uk/PortaPow-Charging-Micro-USB-Cable/dp/B0088HTYUE/ref=sr_1_3?ie=UTF8&qid=1379422720&sr=8-3&keywords=fast+charger+cable

0
0

Or another plan

My desk phone has a USB port on it, which charges my S4 quite happily as I sit here "working". Poor unfortunate iPhone users tried it and found that their phones wouldn't talk nicely :-) I just like it that my phone charges my phone :-)

0
0

This post has been deleted by its author

Page:

This topic is closed for new posts.