In-depth

Charging on a London bus? Here's how to stay secure

London buses will have USB ports for charging smartphones, which isn't the security threat it may sound

Stuck on a bus in London traffic is annoying enough without running short of charge on your smartphone. 

But thanks to Mayor of London Sadiq Khan's new fleet of electric buses, London commuters on routes 507 and 521 will be able to recharge on the go, with twelve seats on each vehicle fitted with a USB port for charging. 

Is it safe to use such power ports, though, or do they come with a security risk? We asked the experts whether it's a good idea to charge and ride. For once with security, it's good news.

If you plug your phone into a laptop to recharge, data can leak. "Whenever a person plugs his/her mobile device into a USB port for charging, there is an exchange of data between the device and the USB host, behind which there could be someone or something intent on monitoring the activity on the device, tracking a user's location or even infecting a phone with malware," noted Kaspersky Lab's principal security researcher David Emm. 

However, although USB ports can carry both data and power, public ports such as these, like those on airplanes, are often power-only - and that significantly reduces the risk.

"As long as they are just USB chargers, there is not a security threat here," said Luis Corrons, PandaLabs technical director.  "There have been shown attacks where you could hack a phone with a charger, but that implies having a specifically modified charger to do that, so risk is close to zero."

Physical tampering

If the physical port looks as though it's been tampered with, you may want to avoid using it, however. "If they are just chargers, as long as hardware is not tampered with - that's the only thing to be secured - there is no problem at all," Corrons added.

The charging hardware can be tampered with just like a bank machine. "Ports that are designed to only charge can have devices mounted on top, like a card skimmer on an ATM," said Sean Sullivan, security advisor at F-Secure. 

Sullivan said he's not aware of any cases of malware spreading this way, but that doesn't mean hackers aren't trying. "If I recall the reporting correctly, airlines often need to clean malware off of inflight systems," he said. "But that's stuff that copied itself; it didn't run, so the malware 'spreads' but doesn't execute. I don't know of any cases of infections in-the-wild via USB connections."

Corrons agreed that there have been no attacks in the wild with public charging points, but said there have been limited proof-of-concept attacks. "If, hypothetically speaking, someone comes up with a way to somehow write in the charger firmware, it could [develop] a malware to spread this way. Although in this case all chargers would be at risk, not just the public ones."

That said, USB malware does exist, and Emm pointed to previous cases where data has been stolen from mobile devices connected to PCs. "This technique was used in 2013 as part of the cyber-espionage campaign Red October," he noted. "The Hacking Team group also made use of a computer connection to load a mobile device with malware."

How to stay safe with public charging points

If that concerns you, there are security precautions you can take. 

External power banks are a wise choice for anyone frequently short on charge - not least because you may not always have a bus to hand. "The popularity of Pokémon Go has resulted in lots of sales on Power Banks," said Sullivan. "I recommend buying one if you need power on the go."

And just as hackers can have hardware to attack recharging bus riders, we too can turn to physical protection, said Andrew Patel, senior manager of technology outreach at F-Secure. "This is what a USB condom is for." 

Yes, that's actually a thing, and as with other areas of your life, it's smart to slap a condom on to stay protected. SyncStop is one example; it's a small widget that sits between your device and the charging USB port, preventing any data leakage. 

They cost $5 for an uncased version, and $19 for a cleaner looking package; in the UK, there's a rival version on Amazon for about £5.

Kaspersky developed its own version called Pure.Charger, which stops data from being transferred to the charging device.

"The device is compact and lightweight, with an intuitive touch-screen interface that allows users to charge a mobile device while controlling the data transfer to and from the host," said Emm. 

However, the Kickstarter project for it failed to meet its funding goal. Emm said it was "an experiment to attract the attention of a wider audience to the problem of unsafe charging and to see whether users are concerned about such threats and ready to adopt additional measures to protect their data." 

It would appear most people aren't worried, and the other two experts we spoke to suggested that isn't foolish of them, and there's no reason to avoid bus USB ports if your smartphone is in need of a recharge. 
