This is a real attack vector. Don't use strange cables you find laying around the airport. And if you see a USB charging station, ideally you should hook into it with a power-only cable, not a power-and-data cable.
The NSA booth probably just hacks your phone into pulling up a website with a description of the hack and a hiring form, though.
why would they want to hire people who don't have a baseline of cybersecurity discretion
It's a "whoah neat look at what the NSA can do, I should apply!" not a screening process.
This is no different than plugging anything into anything. Stay woke :sus-torment:
I went to my school's career fair and NSA had a booth. The recruiter was super hot.
i also think federal agents are super hot, and would make an excellent target for a catfish entrapment operation :hyperflush::fedposting:
Is there a way for this to happen? I feel like intuitively there is, and the malicious software would be somehow embedded in the thingy that converts that outlet power into DC current
Hak5 sell a cable that looks identical to regular cables and allows you to implant software with it - https://hak5.org/collections/mischief-gadgets/products/o-mg-cable-usb-c
I think it just means run custom software on the cable itself, not on the device.
https://youtu.be/7YpJQT55_Y8
You can deliver payloads through the cable, as this guy shows in hacking an android phone and an ipad with it. It also let's you inject keystrokes, copy all the available data and more besides. There's also a video on the hak5 channel showing them using new exploits to hack android phones with it.
You can't actually force the thing to run custom software though, only do whatever is possible with a USB device human interface device. Probably wouldn't do much if the phone's locked.
It's USB, you're basically just plugging your phone into a computer.
Yeah, micro usb, usb-c, and thunderbolt type cables are all data cables as well as power. Since you can send info over it, malicious cables can send malicious info.
Theoretically it's fine, and there is no way to install malicious software through a charging cable. You would have to accept a data connection in your phone, and then accept whatever the connection tries to do. You would have to tap through several prompts to allow anything to happen.
But there are bugs sometimes, where there are ways around that. The NSA and CIA keep track of all of the ones that are discovered, and have teams of people who just look for new ones all day long and keep them secret so they don't get fixed till someone who isn't malicious finds them.
There aren't any that are publicly known, and there haven't been any for a long time, but you never really know for sure. I think it's more likely than not that there is no exploit in charging cables that doesn't require the user to accept a data connection from the cable.
That first sentence is very false.
Maybe not through official means/channels but physical access is the ground floor of pwn towers.
USB condom would help, but I wouldn’t even want to get near those ghouls
