Fearmongering over public charging stations needs to stop. Here’s why

Juice jacking attacks on mobile phones are nonexistent. So why are we so afraid?

https://arstechnica.com/information-technology/2023/05/fearmongering-over-public-charging-stations-needs-to-stop-heres-why/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Those scary warnings of juice jacking in airports and hotels? They’re mostly nonsense

Ars Technica
@arstechnica oh good, i hadn't even ever considered public charging as a security risk!

@arstechnica I'm sure i agree with the thrust of the article, but as a person who designs software for end users, a Yes/No dialog is not a security feature.

@tob @arstechnica Please read the post and circle back with your thoughts. I’d be very interested in them given your background.

@dangoodin @arstechnica no real critique of the article itself.

I don't mind the govt warnings. I think there's some potential danger in using public charging infrastructure that normies wouldn't really think about. And so if an article in the NYT makes them a bit more cautious than they would have been, what's the harm in that?

@tob
The warnings are 100% useless. They instill an irrational culture of fear in people who'll never experience problems or know anyone who ever will. It is pure PR intended to make the audience lean pro-police-state by wrongly believing the state thugs did something useful for them.

The statistics around likelihood of such an attack being worthwhile mean it just isn't going to be done.

The harm is that you've just increased the fear level of the population who, like your PR dept, is incapable of understanding that this is a wholly irrelevant risk.

It's as useful as a press release warning people to beware of wolves when they go to the theater.

@dangoodin @arstechnica

@gpshead @dangoodin @arstechnica I think you greatly overestimate both the level of concern among regular people and the amount they pay attention to these kinds of warnings.

If regular people were even marginally more paranoid about their personal data security, it would be a good thing.

@tob @gpshead @arstechnica I agree 💯. One of the main reasons people don’t care is engineers and security practitioners make being secure way too inconvenient and way too hard. That’s why the FBI should stop with the fear mongering, don’t you think?

@tob
People have limited time and attention spans, this isn't a high value thing that'll save a meaningful number of people from trouble. I appreciate that it makes some people think (good)... but not generally about the important things.

Ex: Why aren't the TLAs screaming to get a media cycle telling people that they're screwed if they don't have automatic software security updates and reboots enabled? That one device health behavior improvement would save many orders of magnitude more potential victims than "don't do promiscuous charging."
@dangoodin @arstechnica

@arstechnica "target of nation-state hackers" — so everyone with a youtube-channel these days.

The war against Ukraine has significantly stepped up risk for everyday people.

@arstechnica I charge my charger, which doesn't have enough of a computer to be a danger. Not worried about public charging :)
@arstechnica
> They're nonsense
> Not seen in the wild

Later on:
> Known as sold to government agencies
> Publicly demonstrated as possible

Are you being serious?
@lanodan @arstechnica The government alerts warn of opportunistic juice jacking against average people in airports, hotels, and other public spaces. For the reasons explained in the article, that’s nonsense. Also, did you read the post before pissing all over it?
@dangoodin @arstechnica I obviously did read it. First page and title should have been done much better because the later pages end up in contradiction.

I'm not saying that government alerts and some infosec folks aren't overreacting, in fact I'm often saying that they are.
But here it's something genuine that can actually happen and get more widespread because it's cheap to deploy. Meanwhile it's also rather cheap to protect yourself against.
@arstechnica
I'd always figured the warnings were overblown. Nice to have you all do some legwork and agree.

@arstechnica while it is possible that a person can pass edibles out to children for Halloween, does it actually happen?

This has the same energy.

@arstechnica Those sorts of attacks are rare, but they are not nonexistent.

@arstechnica next they'll be telling me not to download that car

@arstechnica I'm actually curious about that one

@arstechnica Here is the deal... the cybersecurity threat may not be real, but the fact the port or its internal transformer can be damaged and fry your device is very real.

That's what I honestly worry more about. I only charge my phone with my own charger, I reserve public ports for my watch charger only.

@arstechnica To be fair, if I'm charging in public I'd rather have an AC outlet than a USB-A port since I don't keep USB-A cables around anymore.