How to spot a fake data blocker that could hack your computer in seconds

One of these data blockers is fake and could hack your computer if you plugged it into the data port!

One of these data blockers is fake and could hack your computer if you plugged it into the data port!

Adrian Kingsley-Hughes/ZDNET

Data blockers — also known as USB condoms — are one of those cheap security tools that I recommend everyone who might find themselves using a random charger have in their pocket or bag. Along with a good VPN, antivirus software, and an encrypted flash drive, it’s one of those modern-day security tools that I think are essential.

OK, first off, what are data blockers? It’s a small dongle that adds a layer of protection between your device and the charging point you’re attaching it to, and it allows charging to happen but blocks any data from being communicated by physically severing the USB data lines, putting an air gap between the USB port and your smartphone, laptop, or whatever you are charging. 

Also: The best VPN services you can buy

Why is this important? USB isn’t just a charging protocol, it also allows data to flow back and forth, and while most of the time this data flow is safe, it is possible to create a malicious charging port that can do bad things, such as plant malware on your device or steal your data

I’m a big fan of the data blockers sold by PortaPow These are an inexpensive and super-simple solution to the problem of using untrusted USB charging devices.  

PortaPow 3rd-Gen USB Data Blockers

ZDNET RECOMMENDS

2 x PortaPow 3rd-Gen USB Data Blockers

PortaPow has the only data blocker where the two wires which carry data have been physically removed, so you can be sure it is working. 

View at Amazon

Now, the other day a reader told me they were at an airport where someone was “handing out free USB data blockers,” and they wondered if I thought that was a bit strange. 

Also: Finally, a rugged Android phone that doesn’t look and feel like a brick

Well, it is, because quite honestly, I wouldn’t trust a USB device that was handed out to me randomly. It could be anything, and after all, there are malicious data blockers out there in the wild.

Take a look at that image above and see if you can spot the fake data blocker there.

See it? No?

It’s this one.

Fake data clocker amongst a bunch of real ones

Fake data clocker amongst a bunch of real ones

Adrian Kingsley-Hughes/ZDNET

That is a fake data blocker by a company called O.MG and it’s called the UnBlocker. While there are a lot of homebrew methods of making a malicious fake data blocker, this is a very high-quality commercial one that is hard to distinguish from a real data blocker — unless you know what to look for!

The O.MG UnBlocker.

The O.MG UnBlocker.

Adrian Kingsley-Hughes/ZDNET

On the outside it looks like a regular data blocker, but on the inside it is packed with hardware that can be used to drop malicious payloads onto devices, and it can even be connected to remotely using Wi-Fi. 

Here I’m using a special programmer to initialize the UnBlocker to get it ready for… well, whatever really.

Initializing the O.MG UnBlocker.

Initializing the O.MG UnBlocker.

Adrian Kingsley-Hughes/ZDNET

OK, so how can you spot a fake data blocker?

Take a close look at the USB plug on the PortaPow data blocker and notice how there are only two connectors in the plug, and that the two middle pins — the pins that are used to transmit data — are missing. There’s even a cutout in the top of the USB plug and the words NO DATA printed on the connector.

The two middle pins in the USB plug are missing, meaning this plug can't carry data.

The two middle pins in the USB plug are missing, meaning this plug can’t carry data.

Adrian Kingsley-Hughes/ZDNET

For those who need more reassurance that their data blocker hasn’t been tampered with, PortaPow also make data blockers that are transparent.

PortaPow also makes a transparent USB data blocker.

PortaPow also makes a transparent USB data blocker.

Adrian Kingsley-Hughes/ZDNET

Compare this to the UnBlocker which still has all four pins fitted. This is an immediate red flag. 

The UnBlocker has all four USB pins fitted, meaning it can carry data.

The UnBlocker has all four USB pins fitted, meaning it can carry data.

Adrian Kingsley-Hughes/ZDNET

Another way to spot a malicious data blocker (or cable or dongle — all these exist) is to use a malicious cable detector. Plug one end of the malicious cable detector into a USB adapter (not a device like a PC!), and the other end to a device you’re concerned about, and if the logo glows a bright red, something suspicious is going on.

The malicious cable detector spots that the UnBlocker is an active device.

The malicious cable detector spots that the UnBlocker is an active device.

Adrian Kingsley-Hughes/ZDNET

At $150 a pop, I don’t think someone was handing out UnBlockers at an airport (unless hackers were targeting someone really important), but I still wouldn’t plug anything like this into any of my devices. 

Also: The best antivirus software and apps to protect your devices

My recommendation is to buy your own data blockers — get a couple for USB-A and a couple for USB-C chargers — and maybe personalize them with stickers or some nail polish or scratch your name in them so they can’t be swapped or tampered with, and make them part of your travel kit. 

Better to be safe than sorry!

Source Link

LEAVE A REPLY

Please enter your comment!
Please enter your name here