1. Forum
  2. FidoNet
  3. linux.debian.user

  • Re: USB devices and security

    From CGS@3:633/10 to All on Saturday, May 16, 2026 18:10:02
    On 2026-05-16, Henrik Ahlgren <pablo@seestieto.com> wrote:

    Anyway, today, modern powerful GaN chargers are tiny, so bring your own,
    not just a cable.

    What's a GaN charger?

    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From tomas@3:633/10 to All on Saturday, May 16, 2026 18:40:01
    On Sat, May 16, 2026 at 04:07:01PM -0000, CGS wrote:
    On 2026-05-16, Henrik Ahlgren <pablo@seestieto.com> wrote:

    Anyway, today, modern powerful GaN chargers are tiny, so bring your own, not just a cable.

    What's a GaN charger?
    A switching power supply. The switching transistors are gallium nitride,
    which allows for higher switching frequencies (at pretty low losses) and
    thus for smaller inductive components and smaller packages. This makes
    for surprisingly small power supplies
    But they'll only help you if you find a mains outlet -- many public transport vehicles and places (rail stations, e.g.) in our area do have USB-A charging sockets but no mains. Which kinda makes sense.
    Cheers
    --
    t


    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From CGS@3:633/10 to All on Saturday, May 16, 2026 18:50:01
    On 2026-05-16, <tomas@tuxteam.de> <tomas@tuxteam.de> wrote:

    Anyway, today, modern powerful GaN chargers are tiny, so bring your own, >> > not just a cable.

    What's a GaN charger?

    A switching power supply. The switching transistors are gallium nitride, which allows for higher switching frequencies (at pretty low losses) and
    thus for smaller inductive components and smaller packages. This makes
    for surprisingly small power supplies

    But they'll only help you if you find a mains outlet -- many public transpo= rt
    vehicles and places (rail stations, e.g.) in our area do have USB-A charging sockets but no mains. Which kinda makes sense.

    I was interested in Andy Smith's comment about power/data usb cables.

    I'm dumbfounded how GaN chargers got into this. My question was actually non-rhetorical.

    Someone said all modern charging cables support data transfer. Where can I acquire one that doesn't?

    I guess I'll have to figure it out by myself.


    Cheers

    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From Henrik Ahlgren@3:633/10 to All on Saturday, May 16, 2026 19:20:01
    CGS <etphonehomefrance@gmail.com> writes:

    I'm dumbfounded how GaN chargers got into this. My question was actually non-rhetorical.

    The easiest way to protect yourself against "juice jacking" attacks is
    to use your own cables and chargers. This is less of a hassle with
    modern chargers that are small enough to fit in your pocket (25W
    models). On the other hand, juice jacking is mostly theoretical; I don't believe there have been any documented real-world cases. Of course,
    it all depends on your personal threat model.

    https://en.wikipedia.org/wiki/Juice_jacking

    Someone said all modern charging cables support data transfer. Where can I acquire one that doesn't?

    There are several products available, like

    https://plugable.com/products/usbc-cc1m

    I believe those must have some active electronics to allow for Power
    Delivery negotation while blocking all other data transfer.

    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From tomas@3:633/10 to All on Sunday, May 17, 2026 09:50:01
    On Sat, May 16, 2026 at 10:32:20PM -0500, David Wright wrote:
    On Fri 15 May 2026 at 21:52:36 (+0200), tomas@tuxteam.de wrote:
    [...]
    https://en.wikipedia.org/wiki/BadUSB

    Who needs automount?

    OK, I see now that you're extending the discussion from charging ports
    to inserting random USB sticks into your computer when you don't know
    their provenance. I guess the techies that are likely to encounter
    these devices are employed way above my paygrade. I'd be flattered
    to be targeted by the people who make these devices.
    (Likewise if I was sent a white powder in the mail?I don't have
    the means to distinguish flour from anthrax.)
    Not necessarily, see below.
    I don't work for a company where they block your USB ports or harden
    their machines to that extent. Whether hardened versions of Debian
    can determine if an attached keyboard is genuine before accepting its keystrokes, IDK.
    USB devices identify themselves with a couple of numbers: the device
    class, the vendor ID and the product ID [1],as defined by the vendor.
    The device can do whatever it wants, it's just firmware pushing bits,
    so no -- it can tell your computer whatever it wants.
    The operating system then uses these IDs to decide what to do (e.g.
    load a kernel driver, whatnot). Udev is the one responsible for
    that in our countries.
    But Stefan's approach went another way: ask the user (they are, after
    all, those sticking the thing into the port). If you stick your device
    to a charger and it asks you "is connecting to this keyboard OK?",
    it's on you to say "HELL, NO!" :-)
    Having that as an option makes sense.
    Cheers
    [1] http://www.linux-usb.org/usb-ids.html
    --
    t


    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From David Wright@3:633/10 to All on Sunday, May 17, 2026 17:00:01
    On Sun 17 May 2026 at 09:49:13 (+0200), tomas@tuxteam.de wrote:
    USB devices identify themselves with a couple of numbers: the device
    class, the vendor ID and the product ID [1],as defined by the vendor.

    The device can do whatever it wants, it's just firmware pushing bits,
    so no -- it can tell your computer whatever it wants.

    The operating system then uses these IDs to decide what to do (e.g.
    load a kernel driver, whatnot). Udev is the one responsible for
    that in our countries.

    I agree. The more that udev can inform us about, the better.
    My own udev scripts are a tiny part of that. Obviously you
    have to be careful with keyboards, as you need a device for
    submitting your response!

    But Stefan's approach went another way: ask the user (they are, after
    all, those sticking the thing into the port). If you stick your device
    to a charger and it asks you "is connecting to this keyboard OK?",
    it's on you to say "HELL, NO!" :-)

    Having that as an option makes sense.

    Sure. But I thought charging ports were done and dusted about
    five posts upthread (power-only cable/power bank/mains adapter).
    The approach is akin to assuming all fuel pumps have had a
    credit-card skimmer installed (but more practical).

    Cheers,
    David.

    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From Stefan Monnier@3:633/10 to All on Sunday, May 17, 2026 17:50:01
    But Stefan's approach went another way: ask the user (they are, after
    all, those sticking the thing into the port). If you stick your device
    to a charger and it asks you "is connecting to this keyboard OK?",
    it's on you to say "HELL, NO!" :-)
    Having that as an option makes sense.
    Sure. But I thought charging ports were done and dusted about
    five posts upthread (power-only cable/power bank/mains adapter).
    The approach is akin to assuming all fuel pumps have had a
    credit-card skimmer installed (but more practical).

    We've learned to make it tolerable for random end users in the context
    of Bluetooth (rather than only for those paranoid ones which walk around
    with power-banks and mains chargers), so I wish we could do the same
    for USB. ?

    It's not like people usually spend a large amount of time connecting
    USB devices.


    === Stefan

    --- PyGate Linux v1.5.14
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)