this post was submitted on 13 Jun 2024

85 points (100.0% liked)

Android

17235 readers

91 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: [email protected]

For fresh communities, lemmy apps, and instance updates: [email protected]

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

Stay on topic: All posts should be related to the Android OS or ecosystem.
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to [email protected].
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to [email protected].
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

See thread

Chat and More

founded 1 year ago

MODERATORS

[email protected]

Lockdown mode in Android 15 protects your phone from 'juice jacking' (www.androidauthority.com)

submitted 2 months ago by [email protected] to c/[email protected]

26 comments fedilink hide all child comments

Points taken from article:

Android 15 is adding a built-in mechanism to protect your device from “juice jacking” attacks.
Charging will be allowed when lockdown mode is enabled in Android 15, but USB data access will not.
Juice jacking is a largely theoretical problem you don’t really need to worry about, but it’s still nice that Android will protect you against it.

top 26 comments

sorted by: hot top controversial new old

[–] [email protected] 61 points 2 months ago (2 children)

You certainly don't want anyone jacking your juice without permission.

[–] [email protected] 38 points 2 months ago (1 children)

That’s why I use a USB condom.

[–] [email protected] 25 points 2 months ago (2 children)

Just in case you are joking (or people think you are) those do exist. Basically a dongle with only the power pins on each end.

[–] [email protected] 12 points 2 months ago (2 children)

This is only useful if you're not using your own cable. Otherwise you can simply use a "power only" cable.

[–] [email protected] 8 points 2 months ago (1 children)

But better use the condom dongle for only $59 !

[–] [email protected] 4 points 2 months ago

5.49€ for a USB-C to USB-C condom, and I can't even find a USB-C charge only cable.

[–] [email protected] 4 points 2 months ago

Personally, I plug a power bank into the public port and charge my other devices through it. But if an AC outlet is available, that's all moot anyway.

[–] possiblylinux127 3 points 2 months ago* (last edited 2 months ago) (1 children)

Your devices will charge slowly or potentially not at all

[–] [email protected] 2 points 2 months ago

There are some that do power negotiation on the input side, and then power negotiation on the output side so you can have your cake and firewall it too.

[–] [email protected] 7 points 2 months ago (2 children)

Well im more worried about people juiceing my phone in a literal sense XD

juce jacking would have to be a targeted attack, as it has to be very specific in unlocking and stealing data.

[–] [email protected] 6 points 2 months ago (2 children)

Not necessarily, if you find an exploit that allows you to install malware without user interaction, Mactans famously did that for an older iOS version.

I'd still argue that making good use of such an exploit and rolling out the necessary, physical infrastructure does not have a great cost/reward ratio.

[–] [email protected] 1 points 2 months ago

Ios is funnily enough more prone to such attacks as its always the same chipset with always the same OS. Android in comparison has hundreds of different OS versions and many different chipsets.

[–] treadful 1 points 2 months ago (1 children)

Just put up a free charging station or an outlet with a USB port in a hotel and you got yourself free USB connections to phones.

I can never bring myself to connect to those things.

[–] [email protected] 1 points 2 months ago

Sure. But the number of targets you could acquire there is miniscule compared to simpler delivery mechanisms, via a malicious app download, for example, and you have larger costs (hardware) and added risks, e. g. being captured on CCTV during installation.

That's why I said, the cost/reward ratio is really off.

[–] possiblylinux127 1 points 2 months ago (1 children)

Why? I have never heard of this happening

[–] [email protected] 1 points 2 months ago

https://youtu.be/KWqw5SpITg8

[–] [email protected] 7 points 2 months ago

I don't use my phone for that, I swear!

[–] [email protected] 6 points 2 months ago

This can also be practical in places where the police can force you to unlock your phone with biometrics but not with the PIN.

Ever since I've seen the police here force people to delete the videos of them abusing citizens, I have been very wary of biometric identification.

So far my 'emergency' procedure would be to restart my phone, as it's asking for a PIN after a reboot.

[–] Dempf 4 points 2 months ago (3 children)

LineageOS has been doing this for a year or so already.

[–] [email protected] 4 points 2 months ago

Same on GrapheneOS :)

[–] [email protected] 3 points 2 months ago

It’s smart! Do not expose logic without first supposing an appropriate level of trust. Software can have errors.

[–] [email protected] 1 points 2 months ago

Pixel UI seems to have it too, but does that not prevent data transfer?

[–] possiblylinux127 3 points 2 months ago (1 children)

How is this different from current Android

[–] [email protected] 2 points 2 months ago (1 children)

Lockdown mode was introduced in 2018’s Android 9 Pie release as an optional feature users could add to their power menu. When enabled, lockdown mode hides notifications and disables all forms of authentication except for the user’s primary authentication (PIN, password, or pattern). In Android 12, Google made the lockdown mode toggle appear by default in the Android power menu, though some OEMs hide it or offer their own, similar version of the feature elsewhere.

Android 15 will further restrict USB access in this mode to help defend against attacks.

[–] [email protected] 2 points 2 months ago (1 children)

Don't you already need to unlock the phone to change USB protocol?

[–] [email protected] 3 points 2 months ago

Yes, but the data pins are still connected and talking to some software. That software can have vulnerabilities.

It’s more secure to allow no communication whatsoever, whereas it’s extremely hard to prove that any software is free of vulnerabilities.