Beware of Juice-Jacking

There is one easy way to solve this problem that I can think of: Neuter a USB cable by shorting the data pins on the device end and disconnecting them on the charger end.<p>Just be careful not to plug the resulting cable into a computer -- you are likely to draw more current than permitted by the USB spec, and could potentially cause an issue.<p>(I suppose you could potentially cause an issue with a charging kiosk too, if it's a computer rather than a dumb brick, but it's not really the kiosk I'm worried about.)

Damn, this is actually rather disturbing--my Nexus 4 automatically presents USB storage when I plug it in, and I can't figure out how to disable it! Locked or unlocked, you can access my files by simply plugging in the phone.<p>Edit: Figured it out, it actually only presents storage when plugged in if you unlock the phone. If you unplug the phone, let it lock, then plug it back in again, you're ok.

So did this actually test if the phones were vulnerable? I know my phone doesn't turn on usb mass storage mode without asking; but this article doesn't even mention other methods.

Clever hack. It suggests a product, a USB condom, the device has a USB plug and a USB socket, it connects the power lines but not the data lines. With a bit a careful surgery on a USB cable you could manually do this. I don't know if it would then charge though. A surefire way to build it would be to use an "FTDI cable" [1] and pull the power of to a USB socket.<p>[1] <a href="https://www.sparkfun.com/products/9718" rel="nofollow">https://www.sparkfun.com/products/9718</a>

Wouldn't work on my Nokia N900.<p>If it's just pure juice coming out of the connector it just loads.<p>If there's some process that tries to initiate a data connection you get two buttons, asking:if you want a PC-Suite, or a mass storage connection.<p>That would look pretty fishy when I just try to juice up my phone.<p>That said I think he makes a very valid point and my phone is pretty much an exception nowadays (as, unfortunately are Nokia smart phones in general).

If what he says is true, it's ridiculous that phones do this be default. Some clever hacker could create a virus that would sit dormant until your phone was plugged into your computer upon which it would steal all of your data. You'd think phone manufacturers would include some sort of way to disable auto-data sync as leaving it on is a major security risk given the number of people that charge via their computers.

For newer iOS devices, I was under the impression that if a passcode is set and the screen is locked, the USB host can't access the contents of the device until the passcode is entered. However, once the screen is unlocked, iTunes on the host can obtain tokens to automatically unlock the device later on.<p>Do newer Android devices also have something similar to this?

If you have a multi-connector charge-only cable it's likely that the data lines aren't connected, so that's an option.<p>(Unless it's a multi-headed cable like: &#60;<a href="https://www.sparkfun.com/products/11515&#62;." rel="nofollow">https://www.sparkfun.com/products/11515&#62;.</a>)

My Desire hd presents itself as a dumb brick by default. Until I explicitly say it to be something else it just sucks up juice. So maybe a bit more info like models, brands etc will be good to have.

Which phones are unsafe when they are turned off?

You can prevent this with a simple and cheap Nokia DC-16 portable charger put between the charging station and your phone.