20160414 Just A Few Thoughts On What I Think Is

Keith I Myers
2016-04-14 12:16:54-0400 – Updated: 2016-04-14 12:16:54-0400

Just a few thoughts on what I think is a massive weakness in Android that may already be in use. Any USB device that is connected to an Android phone should be placed in a “Power Only” state unless added to a whitelist, similar to what Android does with ADB devices.

Why? If I were to embed a small PC such as a Raspberry Pi 2 into a rogue USB power brick, this power brick would use MTP to harvest photos from your phone and copy them to local storage for later blackmail.

Aside from my use case posted above, some law enforcement agencies are looking into devices that police can use to harvest evidence on your phone to prove that you were texting and driving without a warrant!

Furthermore, USB devices should have a granular permissions model similar to Bluetooth devices and applications. Should a charger be allowed to access your photos or be allowed to send keystrokes to your phone? If you plug your phone into a friend’s laptop for an emergency charge, how do you prevent their photo backup tool from thinking your phone is their DSLR?


Shared with: Public

+1’d by: Anushirvan parsa, Dor Kleiman, Joseph Cappellino, Tobias Gisi, Vilmar Simson
