Hello,
Say the phone is connected by USB to a charger.
Let the charger by malicious (eg. trying to access the phone file system).
I’d like to know if the setting ‘Connected devices->USB->No data transfer’ acts as effectively as a hardware data blocker you can insert on a standard USB cable.
Does the behavior depends on the phone model ?
Thanks,
PLA
In my experience, the phone doesn’t even present a hardware identifier if it’s in the “Charging via USB” mode, across the three /e/OS phones I’ve used it with.
A hardware blocker will probably give you a bit more peace of mind, but I’ve yet to see a means to hack a device that doesn’t tell the other end of the cable that it’s a device.
I don’t see the “Charging via USB” mode, only the ‘Connected devices->USB->No data transfer’ setting.
When I plug my Pixel 5 (locked or not) on a PC, Windows detects a Pixel 5 phone, and display an empty file explorer (until I grant file transfert on the phone).
So a phone identifier, at least, is shared with the ‘charger’.
If I set ‘Restrict USB->Allow USB connections when unlocked’, the locked phone is not detected by windows.
It is still not detected if I unlock it after being plugged, so the phone is usable when charging.
So this seems the way to go to be safer, but it’s not the default setting.
Of course the default (origin) setting is to have USB debugging off; it requires the user to request / accept Developer options before allowing. Some would recommend to return USB debugging to off to improve phone security.
This malicious charger would require a data cable rather than a charging cable to do its evil work.
Yes, USB debugging is always off for me.
Charging-only cables are less common, less versatile and more expensive than regular cables.
So I prefer the protection at the phone level, if it’s as effective as the hardware data blocking.