• T156@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    ·
    6 months ago

    It’s also a lot easier to do it in software, since you don’t need to splice wires and leave physical traces like you would have had to do in the day.

    A well-configured charger or Flash drive can do that job for you, and can spread itself.

      • T156@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        6 months ago

        Yes, since most modern chargers and cables have internal chips to communicate capabilities with for things like fast-charging. It is not difficult to have the chip identify itself as something else, and execute a payload.

        A common attack method is to have it show up as a keyboard, and execute a series of key-sequences when connected to a computer (like opening and executing things through a command prompt).

        It is also why you should try and avoid plugging random USB cables/chargers into your phone/computer when out and about, since you don’t exactly know if the other end is what it appears to be.

        • Empricorn@feddit.nl
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          I don’t know enough about the charger thing to comment on how viable that might be for an attack vector.

          But you’re definitely right about plugging your mobile device into random ports. Either set your phone to by default only charge and not communicate, use a charge-only cable, or only use your own power bank/charger when away from home and you don’t fully trust where you are…