Points taken from article:

  • Android 15 is adding a built-in mechanism to protect your device from “juice jacking” attacks.
  • Charging will be allowed when lockdown mode is enabled in Android 15, but USB data access will not.
  • Juice jacking is a largely theoretical problem you don’t really need to worry about, but it’s still nice that Android will protect you against it.
      • JimVanDeventer@lemmy.world
        link
        fedilink
        English
        arrow-up
        24
        ·
        5 months ago

        Just in case you are joking (or people think you are) those do exist. Basically a dongle with only the power pins on each end.

        • erwan@lemmy.ml
          link
          fedilink
          English
          arrow-up
          12
          ·
          5 months ago

          This is only useful if you’re not using your own cable. Otherwise you can simply use a “power only” cable.

          • skuzz@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            There are some that do power negotiation on the input side, and then power negotiation on the output side so you can have your cake and firewall it too.

      • scrion@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        5 months ago

        Not necessarily, if you find an exploit that allows you to install malware without user interaction, Mactans famously did that for an older iOS version.

        I’d still argue that making good use of such an exploit and rolling out the necessary, physical infrastructure does not have a great cost/reward ratio.

        • treadful@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          Just put up a free charging station or an outlet with a USB port in a hotel and you got yourself free USB connections to phones.

          I can never bring myself to connect to those things.

          • scrion@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            Sure. But the number of targets you could acquire there is miniscule compared to simpler delivery mechanisms, via a malicious app download, for example, and you have larger costs (hardware) and added risks, e. g. being captured on CCTV during installation.

            That’s why I said, the cost/reward ratio is really off.

  • pedz@lemmy.ca
    link
    fedilink
    English
    arrow-up
    6
    ·
    5 months ago

    This can also be practical in places where the police can force you to unlock your phone with biometrics but not with the PIN.

    Ever since I’ve seen the police here force people to delete the videos of them abusing citizens, I have been very wary of biometric identification.

    So far my ‘emergency’ procedure would be to restart my phone, as it’s asking for a PIN after a reboot.

    • henfredemars@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      Lockdown mode was introduced in 2018’s Android 9 Pie release as an optional feature users could add to their power menu. When enabled, lockdown mode hides notifications and disables all forms of authentication except for the user’s primary authentication (PIN, password, or pattern). In Android 12, Google made the lockdown mode toggle appear by default in the Android power menu, though some OEMs hide it or offer their own, similar version of the feature elsewhere.

      Android 15 will further restrict USB access in this mode to help defend against attacks.

        • henfredemars@infosec.pubOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          5 months ago

          Yes, but the data pins are still connected and talking to some software. That software can have vulnerabilities.

          It’s more secure to allow no communication whatsoever, whereas it’s extremely hard to prove that any software is free of vulnerabilities.