USB Charging Actually Poses Security Risks – Hacking a Laptop via a USB-C Adapter

Smartphones have been charged over USB for many years, but with the advance of USB type-C now even laptops may be charged over USB, instead of the typical DC power barrel jack.

Why am I writing about that? That’s because charging over a DC jack is normally safe, but after reading an article on BBC website, I’ve just realized when you charge over USB you also give access to the data connection, and security researcher (MG) has found a way to hack the USB-C charger of an Apple laptop and show a login prompt to steal credentials (username / password).

Hacked USB type-C Charger
Hacked USB Charger

The full details of the hack are no public, but it does require altering the hardware of the charger. So as long as you use the charger sold with your laptop, you should be safe. However, there’s always a risk if you charge from public places, or buy  a charger from a third party. It’s a limited risk, but still worth keeping in mind. You can see the hack in action below.

As mentioned in the video and tweet, it works not only with Apple hardware but any laptop charging over USB-C. This type of hack is not really new, as “Juice-Jacking” – hacking phones over the USB connection at public charging sport – has been possible for several years, but in my case at least, data stored on my computer(s) is much valuable than the data stored on my phone.  One obvious counter action is to not use your device while charging it in a public place or with a third party charger, but in case the hack can be made to work without user action, a trick is to power off your phone / laptop before charging it, then the data is not exposed on certain devices, i.e. not all. So it’s a good idea to be aware that public USB charging may not be fully secure, and whenever possible, use your own cable and charger.

Thanks to Theguyuk for the tip.

Share this:

Support CNX Software! Donate via PayPal or cryptocurrencies, become a Patron on Patreon, or buy review samples

Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
14 Comments
oldest
newest