USB headphone and security

ACuriousFellow

Hi all
I currently don't trust USB connections and therefore want to have the highest level of safety applied to it and therefore have USB c set to charge only in all cases.

I know this is wanting to have my cake and eat it too, but I also want to use USB headphones as a"trusted" USB connection .

So from my understanding is to then have USB charge only when locked. This would allow me to plug my headphones in and then I can have both.

The question is then if I plug into a compromised USB port (say to charge on public transport ) and unlock my phone to check a message, how much exposure does the phone then have to attack?

Thanks for any insight anyone can give

ryrona

ACuriousFellow The question is then if I plug into a compromised USB port (say to charge on public transport ) and unlock my phone to check a message, how much exposure does the phone then have to attack?

File transfer is disabled by default, so the compromised USB port cannot access that. But I imagine the compromised USB port might pretend to be a keyboard or mouse, and therefore perform actions on your device against your will. I don't know if Android supports USB HID devices, or require approval before they are usable, I think I will try this out just to see, but for most devices it is common that USB HID devices works without any approval needed. There is of course also the risk that the compromised USB port pretends to be an unusual USB device of some kind those driver on your device has a known vulnerability. I think the attack surface is rather large in your scenario, and definitely shouldn't be ignored.

As far as I know, there exist USB charging cables that do not have the data wires in them, and can only be used for charging. If you use one of those when charging at public transports, you should be safe.

GrapheneOS

ACuriousFellow Recommend setting it to charging-only before you connect to an untrusted charger.

ryrona

ryrona I think I will try this out just to see

Yes, connecting a USB-A to USB-C hub into my Pixel phone, and then connecting both a regular USB mouse and regular USB keyboard made them both work perfectly fine to interact with the phone, without requiring me to approve those input devices first.

So, that means, any compromised USB port can do anything with your device you can do yourself, except scanning your fingerprint or guessing your PIN, so some security settings including enabling file transfer is still protected. But it could likely install a compromised app on your phone and give it all permissions and exfiltrate all your data that way.

So, don't connect your device in random untrusted USB ports, unless you have a charging only USB cable, or have changed the USB mode to charging only (even when unlocked).

As far as I know, QubesOS is the only operating system that has proper protection against USB initiated attacks, without disabling USB data entirely. GrapheneOS still protect against certain attacks by default, such as someone else than you plugging a malicious device into your phone, for example after having taken your phone. And you can enable and disable charging only mode (even when unlocked) as you want, so you can safely charge your device anywhere. As long as you remember to do that.

Watermelon

https://github.com/GrapheneOS/os-issue-tracker/issues/32
EDIT: Please refrain from adding comments in the link unless you've got something meaningful to add. Saying so it wouldn't get cluttered with "me too" kind of comments.

ACuriousFellow

Watermelon thanks for the link