Charging on a London bus? Here's how to stay secure

London buses will have USB ports for charging smartphones, which isn't the security threat it may sound

Stuck on a bus in London traffic is annoying enough without running short of charge on your smartphone. 

But thanks to Mayor of London Sadiq Khan's new fleet of electric buses, London commuters on routes 507 and 521 will be able to recharge on the go, with twelve seats on each vehicle fitted with a USB port for charging. 

Advertisement - Article continues below

Is it safe to use such power ports, though, or do they come with a security risk? We asked the experts whether it's a good idea to charge and ride. For once with security, it's good news.

If you plug your phone into a laptop to recharge, data can leak. "Whenever a person plugs his/her mobile device into a USB port for charging, there is an exchange of data between the device and the USB host, behind which there could be someone or something intent on monitoring the activity on the device, tracking a user's location or even infecting a phone with malware," noted Kaspersky Lab's principal security researcher David Emm. 

However, USB ports can be used for both data and charging, and like airplane and other public ports, these are often only for power - and that significantly reduces the risk.

Advertisement - Article continues below

"As long as they are just USB chargers, there is not a security threat here," said Luis Corrons, PandaLabs technical director.  "There have been shown attacks where you could hack a phone with a charger, but that implies having a specifically modified charger to do that, so risk is close to zero."

Advertisement - Article continues below

Physical tampering

If the physical port looks as though it's been tampered with, you may want to avoid using it, however. "If they are just chargers, as long as hardware is not tampered with - that's the only thing to be secured - there is no problem at all," Corrons added.

The charging hardware can be tampered with just like a bank machine. "Ports that are designed to only charge can have devices mounted on top, like a card skimmer on an ATM," said Sean Sullivan, security advisor at F-Secure. 

Sullivan said he's not aware of any cases of malware spreading this way, but that doesn't mean hackers aren't trying. "If I recall the reporting correctly, airlines often need to clean malware off of inflight systems," he said. "But that's stuff that copied itself it didn't run so the malware 'spreads' but doesn't execute. I don't know of any cases of infections in-the-wild via USB connections."

Advertisement - Article continues below

Corrons agreed that there's been no attacks in the wild with public charging points, but said there's been limited proof-of-concept attacks. "If hypothetically speaking someone come up with a way to somehow write in the charger firmware, it could [develop] a malware to spread this way. Although in this case all chargers would be at risk, not just the public ones."

That said, USB malware does exist, and Emm pointed to previous cases where data has been stolen from mobile devices connected to PCs. "This technique was used in 2013 as part of the cyber-espionage campaign Red October," he noted. "The Hacking Team group also made use of a computer connection to load a mobile device with malware."

Advertisement - Article continues below

How to stay safe with public charging points

If that concerns you, there are security precautions you can take. 

External power banks are a wise choice for anyone frequently short on charge - not least because you may not always have a bus to hand. "The popularity of Pokmon Go has resulted in lots of sales on Power Banks," said Sullivan. "I recommend buying one if you need power on the go."

Advertisement - Article continues below

And just as hackers can have hardware to attack recharging bus riders, we too can turn to physical protection, said Andrew Patel, senior manager of technology outreach at F-Secure. "This is what a USB condom is for." 

Yes, that's actually a thing, and as with other areas of your life, it's smart to slap a condom on to stay protected. SyncStop is one example; it's a small widget that sits between your device and the charging USB port, preventing any data leakage. 

They cost $5 for an uncased version, and $19 for a cleaner looking package; in the UK, there's a rival version on Amazon for about 5

Kaspersky developed its own version called Pure.Charger, which stops data from being transfered to the charging device. 

"The device is compact and lightweight, with an intuitive touch-screen interface that allows users to charge a mobile device while controlling the data transfer to and from the host," said Emm. 

Advertisement - Article continues below

However, the Kickstarter project for it failed to meet its funding goal. Emm said it was "an experiment to attract the attention of a wider audience to the problem of unsafe charging and to see whether users are concerned about such threats and ready to adopt additional measures to protect their data." 

It would appear most people aren't worried, and the other two experts we spoke to suggested that isn't foolish of them, and there's no reason to avoid bus USB ports if your smartphone is in need of a recharge. 

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now



10 quick tips to identifying phishing emails

16 Mar 2020
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020

How to enhance your backup strategy

27 Feb 2020
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Most Popular

Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020