06-28-18 02:28 PM
27 12
tools
  1. elcheapodeluxe's Avatar
    The KeyONE is marketed as a secure device, but I have doubts about the security of the USB interface. Yes, by default the usb port selects the "charge only" mode, but there is evidence that communication occurs on the port regardless. When plugging my phone into some rental cars (2018 Camry LE is one) my phone pops up each time asking me to download some app that enables features with the Camry entertainment system). Also, when plugging the phone into a Windows PC, even at Charge Only, you will see the device in device manager and the pop-up "what do you want to do when this device is connected". As far as I am concerned, any "limited" connection is also a back door. When I say charge-only, I mean charge-only. I don't want someone able to pick my phone up off a desk and plug it into a black box and begin cracking it. I want that port to be dead except for charging, like I asked! Is there any way to achieve this?
    06-14-18 02:20 PM
  2. conite's Avatar
    The KeyONE is marketed as a secure device, but I have doubts about the security of the USB interface. Yes, by default the usb port selects the "charge only" mode, but there is evidence that communication occurs on the port regardless. When plugging my phone into some rental cars (2018 Camry LE is one) my phone pops up each time asking me to download some app that enables features with the Camry entertainment system). Also, when plugging the phone into a Windows PC, even at Charge Only, you will see the device in device manager and the pop-up "what do you want to do when this device is connected". As far as I am concerned, any "limited" connection is also a back door. When I say charge-only, I mean charge-only. I don't want someone able to pick my phone up off a desk and plug it into a black box and begin cracking it. I want that port to be dead except for charging, like I asked! Is there any way to achieve this?
    "Charge only" uses power. Systems can detect the draw and correctly assume that you've plugged something in.
    06-14-18 02:47 PM
  3. elcheapodeluxe's Avatar
    "Charge only" uses power. Systems can detect the draw and correctly assume that you've plugged something in.
    It's doing more than that if it is identifying itself as an MTP type device, providing a name, handshaking with a car to communicate the desirability of an app, etc....

    I don't care about the power draw, I do care about the information being exchanged on the data bus.
    Soapm likes this.
    06-14-18 02:51 PM
  4. conite's Avatar
    It's doing more than that if it is identifying itself as an MTP type device, providing a name, handshaking with a car to communicate the desirability of an app, etc....

    I don't care about the power draw, I do care about the information being exchanged on the data bus.
    Don't worry. The USB bus is governed by the OS, and there are no outstanding vulnerabilities I am aware of.

    https://source.android.com/security/bulletin/
    06-14-18 02:55 PM
  5. Dunt Dunt Dunt's Avatar
    I know the USB Port is an access point for many Hacking Tools that Law Enforcement use, like Cellebrite. And that Apple's says they are turning it off after an hour.... Not sure if "charge only" is the same type of block for incoming signals.

    What that means for BBMo's devices... who really knows. I know "someone" will say "hardware root of trust and secure bootchain...." But Cellebrite does have the KEYone on their list of devices that they can perform "Physical extraction", "File system extraction" and "Logical extraction" on.
    06-14-18 03:16 PM
  6. conite's Avatar
    But Cellebrite does have the KEYone on their list of devices that they can perform "Physical extraction", "File system extraction" and "Logical extraction" on.
    Doubtful. The devil is in the details. The claim is based on physical access to the memory modules - and I'll believe it when I see it.
    Last edited by conite; 06-14-18 at 08:08 PM.
    06-14-18 03:21 PM
  7. Soapm's Avatar
    I have nothing to hide so not worried personally about Celebrite...

    However, you would appreciate it more if the information they obtained kept you, your family or friends safe and from harm...

    I more worry about Celebrite getting out where that technology can be used maliciously, which is why we really need the ability to remotely FDISK your phone leaving no trace of what was there...

    But the real bottom line, don't lose your phone.
    06-14-18 04:25 PM
  8. sorgo's Avatar
    use a USB condom (not kidding)
    https://int3.cc/products/usbcondoms
    06-14-18 05:12 PM
  9. elcheapodeluxe's Avatar
    use a USB condom (not kidding)
    https://int3.cc/products/usbcondoms
    Yeah - that is a viable option for things like rental cars, but it does not protect my phone if it gets taken. Yes, it is true that there really isn't anything on my phone that law enforcement would care about right now - but I feel that their phone cracking smacks of unreasonable search and seizure and even if they don't find evidence of committing any crime I should be protected from that type of search.
    FF22 and Uglyindian like this.
    06-14-18 05:44 PM
  10. elcheapodeluxe's Avatar
    I have nothing to hide so not worried personally about Celebrite...

    However, you would appreciate it more if the information they obtained kept you, your family or friends safe and from harm...

    I more worry about Celebrite getting out where that technology can be used maliciously, which is why we really need the ability to remotely FDISK your phone leaving no trace of what was there...

    But the real bottom line, don't lose your phone.
    And don't become the subject of any investigation. Which, of course, is something even innocent people are sometimes subjected to.

    And it is already established that CBP can search your phone when you enter the USA. Locking the USB doesn't even help you there because they can compel you to provide the password to gain entry to the country.

    Also: Irony.

    Enforcing security on USB port-cellebrite.png
    06-14-18 05:46 PM
  11. Soapm's Avatar
    And don't become the subject of any investigation. Which, of course, is something even innocent people are sometimes subjected to.

    And it is already established that CBP can search your phone when you enter the USA. Locking the USB doesn't even help you there because they can compel you to provide the password to gain entry to the country.

    Also: Irony.

    Click image for larger version. 

Name:	cellebrite.png 
Views:	82 
Size:	26.1 KB 
ID:	436934
    Yup, but five wrong passwords and it's wiped... BB got that one right.
    06-14-18 06:13 PM
  12. elcheapodeluxe's Avatar
    Yup, but five wrong passwords and it's wiped... BB got that one right.
    Apple had essentially the same thing - but the fact that the USB wasn't freaking blocked meant a backdoor was found to push software into the phone that bypassed the wrong try count.

    Thus... let's return to the start of the thread and see what this whole thing was about... ah yes! I would like to find out if we can make the USB dead to the world when the phone is locked.
    06-15-18 12:51 AM
  13. sandyhois's Avatar
    If I connect my locked phone to my pc it connects in charge only mode. The model of the phone shows in my pc file manager but the files cannot be accessed. Perhaps the model number must be known to the connected device so the device can "detect" the charge type/level? I would like to know specifically what info other than model may be accessed by the connected device (like a rental car) if anybody knows anything about that. Like the thread originator, I expect none but wouldn't surprise me to learn otherwise and would appreciate BB shutting that avenue down (with a software condom) if possible!
    FF22 likes this.
    06-16-18 04:43 AM
  14. FF22's Avatar
    If I connect my locked phone to my pc it connects in charge only mode. The model of the phone shows in my pc file manager but the files cannot be accessed. Perhaps the model number must be known to the connected device so the device can "detect" the charge type/level? I would like to know specifically what info other than model may be accessed by the connected device (like a rental car) if anybody knows anything about that. Like the thread originator, I expect none but wouldn't surprise me to learn otherwise and would appreciate BB shutting that avenue down (with a software condom) if possible!
    I guess the theory or fear is that if even that amount of info is shared over the usb cable, additional access may be lurking somewhere?????
    06-16-18 10:09 AM
  15. stevec66's Avatar
    Rented a car recently in the UK, at Healthrow, I was amazed that the previous renter(s) did not reset inboard Statnav (GPS) I was able to see there previous locations with full addresses including house numbers. Just a reminder to clear away that info before returning the vehicle.
    06-16-18 11:13 AM
  16. Kumba42's Avatar
    It's doing more than that if it is identifying itself as an MTP type device, providing a name, handshaking with a car to communicate the desirability of an app, etc....

    I don't care about the power draw, I do care about the information being exchanged on the data bus.
    This is built-in to the USB protocol. When an operating system detects an event from the USB controller that a device was plugged in, it will also receive information including a vendor ID and a device ID. These are usually 16-bit integers, and in Windows, they take the form of:

    USB\VID_xxxx&PID_xxxx&REV_xxxx

    With the 'xxxx' being the ID's in hexadecimal (base 16) notation.

    See these two sites for more info:
    https://docs.microsoft.com/en-us/win...sb-identifiers
    https://usb-ids.gowdy.us

    When the OS gets this information, it can obviously look up what was plugged in a database and then take some kind of action. In the case of the Camry, it figured out the device was a mobile phone of some type, like a generic Android phone, and it offered up an app to interact with it. In Windows, the action that happens depends on which drivers are loaded.

    Windows doesn't keep an extensive repository of drivers, so the default might recognize it as a standard mass-storage device or android MTP drvice (depending on OS). If specific drivers are loaded, Windows can hand-off to that driver for identification and device-specific functionality.

    If the device being plugged in doesn't connect up the data pins (for USB1 and USB2; USB3 is a diff animal), then the OS has no idea anything happened. The low-level hardware will register a new source of power draw, but that's it. That's how USB ports on wall sockets work. But since they're "dumb" ports, they will emit a standard power draw as specified by the minimum USB spec they implement.

    Your charger, OTOH, does full communications to negotiate the power draw. Part of the Qualcomm Quickconnect (or whatever it is called) feature.

    In short, there's no straight-forward way to disable the data comms when plugging in to a standard computing device unless you invest in one of those USB "condoms" that someone else posted about. For charging in a car, you'd be better off getting a cigarette lighter adapter and using one of those. The fancy models will act like your charger and negotiate power draw, but nothing will be passed back to the car's computer because cig lighter sockets are electrical-only.

    Just be careful with those adapters. I've pulled the entire cig socket out of my center console before because the adapter was a tight fit.
    anon(2695703) likes this.
    06-18-18 09:40 AM
  17. elcheapodeluxe's Avatar
    This is built-in to the USB protocol. When an operating system detects an event from the USB controller that a device was plugged in, it will also receive information including a vendor ID and a device ID. These are usually 16-bit integers, and in Windows, they take the form of:

    USB\VID_xxxx&PID_xxxx&REV_xxxx

    With the 'xxxx' being the ID's in hexadecimal (base 16) notation.

    See these two sites for more info:
    https://docs.microsoft.com/en-us/win...sb-identifiers
    https://usb-ids.gowdy.us

    When the OS gets this information, it can obviously look up what was plugged in a database and then take some kind of action. In the case of the Camry, it figured out the device was a mobile phone of some type, like a generic Android phone, and it offered up an app to interact with it. In Windows, the action that happens depends on which drivers are loaded.

    Windows doesn't keep an extensive repository of drivers, so the default might recognize it as a standard mass-storage device or android MTP drvice (depending on OS). If specific drivers are loaded, Windows can hand-off to that driver for identification and device-specific functionality.

    If the device being plugged in doesn't connect up the data pins (for USB1 and USB2; USB3 is a diff animal), then the OS has no idea anything happened. The low-level hardware will register a new source of power draw, but that's it. That's how USB ports on wall sockets work. But since they're "dumb" ports, they will emit a standard power draw as specified by the minimum USB spec they implement.

    Your charger, OTOH, does full communications to negotiate the power draw. Part of the Qualcomm Quickconnect (or whatever it is called) feature.

    In short, there's no straight-forward way to disable the data comms when plugging in to a standard computing device unless you invest in one of those USB "condoms" that someone else posted about. For charging in a car, you'd be better off getting a cigarette lighter adapter and using one of those. The fancy models will act like your charger and negotiate power draw, but nothing will be passed back to the car's computer because cig lighter sockets are electrical-only.

    Just be careful with those adapters. I've pulled the entire cig socket out of my center console before because the adapter was a tight fit.
    So what you're saying is that Apple can figure out a way to disable a usb port after an hour, but nobody on the Android side can? I agree that the best way is to use a separate charger. In fact, I almost always do. This is not about rental cars - it is about a demonstration that the data bus is open for business, and any bus that is open - even when one does not obsensibly have permissions to use it - is a vulnerability waiting for an exploit. You're missing the forest for the tree here - the concern is about the ready-to-communicate nature of the USB jack on a Blackberry (or other device), a vulnerability similar (or identical) to that which Apple has recently recognized and promised to fix.

    Also, the Camry isn't popping up the message on the Camry's screen, it is popping up the message on my Blackberry's screen. Even when the Blackberry is set specifically to "Charge only". Each and every time it is pugged in. I seriously doubt my device is popping up this message based strictly on the USB identifier of the car. Even when on "charge only" there is some unblocked data exchange which permits communication between the devices.
    sandyhois likes this.
    06-18-18 01:14 PM
  18. qwerty4ever's Avatar
    I have nothing to hide so not worried personally about Celebrite...
    Congratulations! You win the dumbest comment award for 2018 and the year is not half finished.
    06-18-18 08:10 PM
  19. Soapm's Avatar
    Congratulations! You win the dumbest comment award for 2018 and the year is not half finished.
    Wow, you trumped me and took my dumbest comment award. You thief!!!
    06-19-18 02:58 AM
  20. DallinCrump's Avatar
    I have nothing to hide so not worried personally about Celebrite...
    The cognitive dissonance required to make a statement like "I have nothing to hide" is truly astonishing.

    Everyone has something to hide.
    06-19-18 08:46 AM
  21. Kumba42's Avatar
    So what you're saying is that Apple can figure out a way to disable a usb port after an hour, but nobody on the Android side can?
    The port on the bottom of an Apple device is called a Lightning port, and it is not USB-based. it's something proprietary to Apple. Since they control both the hardware and the software, they can dictate how a data port will operate.

    https://en.m.wikipedia.org/wiki/Lightning_(connector)

    USB is an industry-wide standard, and in order to meet specifications, device manufacturers that incorporate USB ports have to follow that standard. Any deviation from that standard will ultimately cause problems somewhere. Not that this has stopped anyone in the past.

    E.g., the Nintendo Switch uses USB-C for charging and video out. I tried plugging my Switch's charger into my K1 once, and the charger basically disabled itself. I had to unplug the charger from the wall for several seconds before it'd work again. This implies Nintendo's got something unique in the charger's embedded firmware that only works with Switches. Conversely, my K1's charger can slowly recharge a Switch just fine.


    ... the concern is about the ready-to-communicate nature of the USB jack on a Blackberry (or other device), a vulnerability similar (or identical) to that which Apple has recently recognized and promised to fix.
    I don't know if the specs for USB-C port or the USB3.0 protocol allow for something similar to what Apple has done to the Lightning port. I was simply trying to provide some basic technical detail to how the USB protocol initially chats to whatever it was plugged into. Obviously, a proprietray port design can be molded to do whatever its designer wants, but an industry-wide specficiation cannot be changed w/o agreement from all participating members of the industry.

    Some will argue this is a benefit for Apple. Some will cry foul. Everyone's got an opinion ::shrug::


    Also, the Camry isn't popping up the message on the Camry's screen, it is popping up the message on my Blackberry's screen. Even when the Blackberry is set specifically to "Charge only".
    Just out of curiosity, when you say you've set the BB to "charge only", do you mean that you've enabled the hidden developer option item in settings and changed the USB config there?

    I'm not an android app developer or anything, but a couple of quick searches on Google suggest that what you are seeing is your BB detecting Toyota's infotainment system as an "accessory", and then suggesting an app to interact with that accessory. This appears to done by a function of Android called "intents".

    References:
    https://developer.android.com/guide/.../usb/accessory

    I looked around for anything that can analyze intents, and there's a couple of apps on the Play Store, including a Tasker plugin, that look like they let you monitor and maybe manipulate intents. I can't vouch for any of them, though. Might be worth investigating down that path if you want.

    Keep in mind that the nature of a hardware device doing even basic communications with another on insert goes back years, even decades. Viruses used to copy themselves to a floppy disk's boot sector the instant you popped the disk into the drive. No interaction required. And upon putting that floppy into a clean system, your C:\ boot sector became infected. It seems hardware designers forget this lesson every generation or so. E.g., the autoplay fiasco of earlier Windows releases comes to mind, and we're witnessing it again in the era of smartphones.
    06-19-18 09:36 AM
  22. elcheapodeluxe's Avatar
    Wow. Lots of words. I already know about data buses, boot sectors, and the difference between the protocol and the physical manifestation within a connector. I didn't learn anything new from slogging through all of that except that you are very committed to the idea that it can't be done.
    06-19-18 10:28 AM
  23. Soapm's Avatar
    The cognitive dissonance required to make a statement like "I have nothing to hide" is truly astonishing.

    Everyone has something to hide.
    Everyone??? Things we say when we don't know what to say or when we think our ways and thoughts are "EVERY BODIES" ways and thoughts??? I'm not you and don't think you should be speaking for "everyone"...

    Or, perhaps I am no one because I've traded in darkness for light many years ago and no longer seek or find protection in human effort. The un-pickable lock and un-crackable safe are but a prideful challenge to the one who says I can pick any lock or crack any safe. Crazy to me would be one who patronizes that circle of madness. Goodness and mercy have my back covered (Ps 23:5).

    But if I were to have something to hide, it wouldn't be in my wallet, personal bank account or a cell phone that can be lost, stolen or misplaced. As for authorities, subpoena'd phone records will give them most of what they want to know, if you're living that life, I sure wouldn't carry a cell phone that tracks your every move and logs every conversation.

    Locking the USB port is like a hide a key, it's a false sense of security, don't have it on your phone is your best security...
    06-19-18 10:31 AM
  24. DallinCrump's Avatar
    Everyone??? Things we say when we don't know what to say or when we think our ways and thoughts are "EVERY BODIES" ways and thoughts??? I'm not you and don't think you should be speaking for "everyone"...

    Or, perhaps I am no one because I've traded in darkness for light many years ago and no longer seek or find protection in human effort. The un-pickable lock and un-crackable safe are but a prideful challenge to the one who says I can pick any lock or crack any safe. Crazy to me would be one who patronizes that circle of madness. Goodness and mercy have my back covered (Ps 23:5).

    But if I were to have something to hide, it wouldn't be in my wallet, personal bank account or a cell phone that can be lost, stolen or misplaced. As for authorities, subpoena'd phone records will give them most of what they want to know, if you're living that life, I sure wouldn't carry a cell phone that tracks your every move and logs every conversation.

    Locking the USB port is like a hide a key, it's a false sense of security, don't have it on your phone is your best security...
    I think you are speaking from the false assumption that only people who are doing something wrong would want or need privacy.

    When I say everyone has something to hide, I mean that we all have information that, if it got into the wrong hands - whether a government's or criminal's (but alas, I repeat myself) - could be used to make our lives miserable at best or destroy us at worst.

    Don't believe me? Just post your full name, address, SSN, credit card and bank account numbers, login credentials to your online accounts, etc. on a public forum such as this. God's goodness and mercy won't be able to protect you from the temporal consequences.

    It doesn't matter if you are a perfect, upstanding, law-abiding citizen. You should never assume that you could never be targeted by malicious people or organizations. If you assume so, you have not learned from the lessons of the past - 1930's Germany, for example.

    And I agree you should be careful about the information you keep on your devices and share online. But it's also not feasible for most of us to go completely "off-grid" and cut ourselves off from the rest of society. We live in a world where we need to use internet-connected devices to get an education, work to support our families, communicate with others, etc.

    If locking the USB port can prevent even a single attempt to access the information on your phone, isn't it worth it?
    FF22 likes this.
    06-19-18 10:59 AM
  25. Soapm's Avatar
    I think you are speaking from the false assumption that only people who are doing something wrong would want or need privacy.
    There's the foil hat crowd too (ROFL)...

    When I say everyone has something to hide, I mean that we all have information that, if it got into the wrong hands - whether a government's or criminal's (but alas, I repeat myself) - could be used to make our lives miserable at best or destroy us at worst.

    Don't believe me? Just post your full name, address, SSN, credit card and bank account numbers, login credentials to your online accounts, etc. on a public forum such as this. God's goodness and mercy won't be able to protect you from the temporal consequences.
    You again mist the gist, don't have any of those things on your phone. Problem solved...
    If you do have them on your phone, would you really put all your trust in a USB lock?

    It doesn't matter if you are a perfect, upstanding, law-abiding citizen. You should never assume that you could never be targeted by malicious people or organizations. If you assume so, you have not learned from the lessons of the past - 1930's Germany, for example.
    You are a foil hat guy??? If you're that concerned about being targeted by malicious people then absolutely don't have sensitive information on your phone...

    And I agree you should be careful about the information you keep on your devices and share online. But it's also not feasible for most of us to go completely "off-grid" and cut ourselves off from the rest of society. We live in a world where we need to use internet-connected devices to get an education, work to support our families, communicate with others, etc.

    If locking the USB port can prevent even a single attempt to access the information on your phone, isn't it worth it?
    Never said become a hermit nor would I trust my sensitive information to a USB port lock, my theory is don't expose your flank. Obviously I use the internet daily, but I would never put something on the internet I can't afford to have exposed because, well, you're putting it on the internet??? Again, like the hide a key, USB lock is only creating a false sense of security, your best security is between your ears.
    06-19-18 06:12 PM
27 12

Similar Threads

  1. Making an EFTPOS payment using NFC on a BB 10OS phine
    By Harsha Perera in forum BlackBerry 10 OS
    Replies: 7
    Last Post: 06-20-18, 06:30 AM
  2. new mode on privacy shade is awesome!
    By FuzzyManas in forum Android Apps
    Replies: 5
    Last Post: 06-15-18, 08:02 PM
  3. ABA676 - Update received on Rogers
    By Luke Coughey in forum BlackBerry KEYone
    Replies: 8
    Last Post: 06-14-18, 06:53 PM
  4. Device locked on BlackBerry id login screen
    By Majorashry in forum BlackBerry Passport
    Replies: 2
    Last Post: 06-14-18, 09:11 AM
  5. Use on Sprint
    By John Ransom1 in forum BlackBerry KEY2
    Replies: 1
    Last Post: 06-14-18, 07:37 AM
LINK TO POST COPIED TO CLIPBOARD