Yes. Yes they can.

By eSTDs I really mean malware.[1] By exploiting security flaws in the phone, it is possible to inject malware into a phone via a USB connection.[2] Hence, it is possible to create a malicious charger that looks benign, but actually infects your phone or other devices.

As far as I know, all currently known vulnerabilities on Android and iOS through this method have been patched. However, this does not mean no security vulnerabilities currently exist.

Use Protection When Using Public USB Chargers

Any public USB charger, such as those found in airports or coffee shops, could be configured in this manner. It is highly unlikely that the business providing these USB chargers tampered with them, but criminals could have, in much the same way that they install skimmers onto ATMs or gas station kiosks.

There are several ways to solve this problem:

  1. Don't use public USB chargers. This may necessitate carrying a power bank.
  2. Use tape to cover the data contacts on a USB cable. The inner gold contacts are responsible for data, whereas the outer contacts are responsible for power.
  3. Use a power-only USB cable, which has the data contacts removed.
  4. Bring your own USB AC adapter.
  5. Use a USB condom (affiliate link - thank you for supporting my blog)

USBCondom

The USB condom (they sadly do not brand the device this way) looks like a USB flash drive, but is actually a device that passes through only power, not data. It has no data contacts, and even provides a little cutout so you can easily verify for yourself that the data contacts have indeed been removed. By plugging this into a USB charger first, you can use any USB cable you want, without having to mess with tape, while still being protected.


  1. And if you protest the use of sexual in this context, may I remind you that the ends of computer cables are referred to as male and female... ↩︎

  2. Black Hat, How-To Geek ↩︎