this post was submitted on 13 Jun 2024
86 points (100.0% liked)

Android

17625 readers
109 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS
 

Points taken from article:

  • Android 15 is adding a built-in mechanism to protect your device from “juice jacking” attacks.
  • Charging will be allowed when lockdown mode is enabled in Android 15, but USB data access will not.
  • Juice jacking is a largely theoretical problem you don’t really need to worry about, but it’s still nice that Android will protect you against it.
top 26 comments
sorted by: hot top controversial new old
[–] SonicBlue03@sh.itjust.works 61 points 4 months ago (2 children)

You certainly don't want anyone jacking your juice without permission.

[–] henfredemars@infosec.pub 38 points 4 months ago (1 children)

That’s why I use a USB condom.

[–] JimVanDeventer@lemmy.world 25 points 4 months ago (2 children)

Just in case you are joking (or people think you are) those do exist. Basically a dongle with only the power pins on each end.

[–] erwan@lemmy.ml 12 points 4 months ago (2 children)

This is only useful if you're not using your own cable. Otherwise you can simply use a "power only" cable.

[–] Pancito@lemmy.world 8 points 4 months ago (1 children)

But better use the condom dongle for only $59 !

[–] 30p87@feddit.de 4 points 4 months ago

5.49€ for a USB-C to USB-C condom, and I can't even find a USB-C charge only cable.

[–] JimVanDeventer@lemmy.world 4 points 4 months ago

Personally, I plug a power bank into the public port and charge my other devices through it. But if an AC outlet is available, that's all moot anyway.

[–] possiblylinux127@lemmy.zip 3 points 4 months ago* (last edited 4 months ago) (1 children)

Your devices will charge slowly or potentially not at all

[–] skuzz@discuss.tchncs.de 2 points 4 months ago

There are some that do power negotiation on the input side, and then power negotiation on the output side so you can have your cake and firewall it too.

[–] Mikufan@ani.social 7 points 4 months ago (2 children)

Well im more worried about people juiceing my phone in a literal sense XD

juce jacking would have to be a targeted attack, as it has to be very specific in unlocking and stealing data.

[–] scrion@lemmy.world 6 points 4 months ago (2 children)

Not necessarily, if you find an exploit that allows you to install malware without user interaction, Mactans famously did that for an older iOS version.

I'd still argue that making good use of such an exploit and rolling out the necessary, physical infrastructure does not have a great cost/reward ratio.

[–] Mikufan@ani.social 1 points 4 months ago

Ios is funnily enough more prone to such attacks as its always the same chipset with always the same OS. Android in comparison has hundreds of different OS versions and many different chipsets.

[–] treadful@lemmy.zip 1 points 4 months ago (1 children)

Just put up a free charging station or an outlet with a USB port in a hotel and you got yourself free USB connections to phones.

I can never bring myself to connect to those things.

[–] scrion@lemmy.world 1 points 4 months ago

Sure. But the number of targets you could acquire there is miniscule compared to simpler delivery mechanisms, via a malicious app download, for example, and you have larger costs (hardware) and added risks, e. g. being captured on CCTV during installation.

That's why I said, the cost/reward ratio is really off.

[–] possiblylinux127@lemmy.zip 1 points 4 months ago (1 children)

Why? I have never heard of this happening

[–] Juice@midwest.social 7 points 4 months ago

I don't use my phone for that, I swear!

[–] pedz@lemmy.ca 6 points 4 months ago

This can also be practical in places where the police can force you to unlock your phone with biometrics but not with the PIN.

Ever since I've seen the police here force people to delete the videos of them abusing citizens, I have been very wary of biometric identification.

So far my 'emergency' procedure would be to restart my phone, as it's asking for a PIN after a reboot.

[–] Dempf@lemmy.zip 4 points 4 months ago (3 children)

LineageOS has been doing this for a year or so already.

[–] Overlock@sopuli.xyz 4 points 4 months ago
[–] henfredemars@infosec.pub 3 points 4 months ago

It’s smart! Do not expose logic without first supposing an appropriate level of trust. Software can have errors.

[–] potentiallynotfelix@lemdro.id 0 points 4 months ago

Pixel UI seems to have it too, but does that not prevent data transfer?

[–] possiblylinux127@lemmy.zip 3 points 4 months ago (1 children)

How is this different from current Android

[–] henfredemars@infosec.pub 2 points 4 months ago (1 children)

Lockdown mode was introduced in 2018’s Android 9 Pie release as an optional feature users could add to their power menu. When enabled, lockdown mode hides notifications and disables all forms of authentication except for the user’s primary authentication (PIN, password, or pattern). In Android 12, Google made the lockdown mode toggle appear by default in the Android power menu, though some OEMs hide it or offer their own, similar version of the feature elsewhere.

Android 15 will further restrict USB access in this mode to help defend against attacks.

[–] pizzazz@lemmy.world 2 points 4 months ago (1 children)

Don't you already need to unlock the phone to change USB protocol?

[–] henfredemars@infosec.pub 3 points 4 months ago

Yes, but the data pins are still connected and talking to some software. That software can have vulnerabilities.

It’s more secure to allow no communication whatsoever, whereas it’s extremely hard to prove that any software is free of vulnerabilities.