Lets say at your office they have a built in phone recharging ports at peoples workstations. Nice, you just plug your phone into the charger. They require any phone charger to use only these ports and these ports only.
But, since the charging port is also a data port could this be secretly a hacking port where they can download the contents of your phone?
Well, most phones have precautions where they require you to confirm that you trust the device that they’re plugged into before giving it any data. iPhones have a simple “Do you trust this computer” popup, and most androids have a couple of different data connection modes, defaulting to “no data, I’m just here for the juice.” 
How do you know it’s also a data port?
I think the OP is saying, since a USB port can be a data port, how can I make sure this random public USB outlet isn’t a data port connected to some hacker’s device?
As already mentioned, most phones will prompt the user before establishing a data connection. If you want to take further precautions, there are adapters like this that block the data connection; some people call them “USB condoms.” They also sell charge-only cables that do the same thing.
I have a monitor with built-in USB hub (one type B for connecting to the computer and a couple of type A for connecting to various USB devices). The type A ports give power whether or not the type B has anything plugged in to it, so there’s no danger of hacking unless there’s full-fledged computer hidden in the monitor control circuitry.
Ok, thanks for the feedback.
On a only slightly relevant note, most built-in USB ports are crap. Newer smartphones and tablets typically want high-output USB ports (2A or 3A or greater), and the Type-C ports can go even higher. Even if you’ore not worried about hacking, your phone will probably charge MUCH faster if you use the charger that came with it random than a random USB port built into a desk.
Yes, what I read was there’s an original USB default power and fancier USB ports have the ability to negotiate upward to a much higher milli-amperage to charge your power hungry device at a much higher rate.
This says that all USB’s on a computer will typically pull from the same 500mA source so the best you would get is 500mA, but typically the electronics allows 100mA per port. Standalone chargers or fancier PC’s with specific charging USB ports may allow up to 1.8A (all 5V) with negotiation.
But as for data hacking - depends on the phone. As mentioned, USB ports are (can be) data ports too. But, the port would have to know how to bypass the default security. No problem, computer security is always 100%, right?
I haven’t heard of any hacks done by “free power” USB outlets, but the possibility is always there.
That is really old and they go way above 1.8A now. 2 or 3 A is pretty standard, with Type C capable of negotiating up to 20V*5A for 100W power.
And hacks do happen experimentally, though real-world I think the risk is negligible. But why risk it? It’s basically unprotected USB sex with strangers.
Nothing to worry about. Newer smartphones give you a prompt asking you whether to allow certain access. I suppose I could see that if you plug it into a computer (not the monitor) and windows automatically installs software for the phone, there could be a trojan in place on the computer to automatically access and download data from newly installed devices. That could happen, but there are also routers and firewall software that prevent unauthorized outgoing data as well. Its very very unlikely. If you want some peace of mind you can enable developer options (if you have an Android phone) and make sure the settings are such that they disallow usb access.
Here’s a page to help you if needing to do that;
Bolding mine. Of course that’s exactly as secure as that section of the phone’s system software. Which, like any other piece of software, is at least a smidgen suspect.
The whole and entire point of hacks is that they bypass what *should *happen and instead make something else happen.
If one is concerned, use a condom or charge-only cable. Malware can’t overcome a true hardware block. Yet.
========
Going back to the OP, I’m curious about this part: “…They require any phone charger to use only these ports and these ports only. …” Do you mean that they require that if you use a USB cable to charge your phone, you must plug it into that port and only that port? Or do you mean that plugging your personal wall-wart into a conventional 120V power outlet and plugging that into your phone is prohibited?
Prohibiting the former could be that they’re trying to protect their computers and networks from phone-based malware, not vice versa. So they have that computer port blocked to be power only, so there’s no way for your phone to infect their PC. “No way” of course being contingent on the reliability / unhack-abiity of whatever blocking stuff they’ve installed on the computer.
Prohibiting the latter would be weird. It’d be forcing people to charge phones via their PCs vice wall power. That seems like a policy that would only be useful if they did intend to monitor phones.
Or it’d also make some sense if building management was somehow anal-retentive about any and all personal devices plugged into the 120V building power. Which may have some merit if they’ve been hammered by the fire marshal about extension cords, space heaters, and all the rest of the crap people plug into their cubicle in violation of commercial building codes.
Or it could just be a fairly way-out-there hypothetical to fence in the discussion and avoid escapes like “I’ll just plug in my wall-wart”. Of course, “I’ll just plug in my ‘power only’ USB cable” is a similarly effective escape, but I think OPP wanted to make the potentially-evil USB port an unavoidable hazard, for the sake of [del]paranoia[/del] discussion. Because fighting the hypothetical is bad, mmmkay?
Remove the data wires in your charging cable. Problem solved.
Yes, the iPhone charger hack is for version 6 of iOS - They’re up to what, 11? Presumably Apple programmers are more in tune with the need to protect iPhones than they were earlier. However, anything programmed by humans is never 100% guaranteed… except that as holes are demonstrated in software, the company making the software should be correcting them and sometimes does.
he other way around is more problematic - USB devices automatically load their drivers into a new PC when plugged into a USB port. Not a lot of effort has been put into protecting from the driver software, as opposed to the auto-run software installed on the device. A hacker would have to delve deep into the guts of USB device programming; that would require some complex programming and fancy resources by a larger group, and what are the odds that a corporation, or maybe a large government organization, would engage in illicit hacking?
The answers here surprise me.
When I plug an iOS device into a bog-standard Windows 7 laptop, I can immediately access the device’s photos and videos from Windows. I don’t have to confirm anything on the device. It’s totally open. It interprets it as a removable storage device and prompts me to open said storage device’s contents.
I never plug my devices into untrusted USB ports.
I assume that is with a laptop that you have already identified as trusted. When I plug in my phone to my home laptop, it opens things right up with no prompt. If I plug into my work laptop or a strange computer, I get asked if I trust it.
Hmm. I don’t recall ever having to do that, but maybe my memory is faulty here. Over probably four laptops and probably five iOS devices across the past decade, I feel like I would have remembered a “trust” prompt at some point. I see an example at, say, this apple.com page, but I can’t for the life of me recall ever having faced that prompt.
Apple is remarkably good at asking a major security question exactly once and giving you no way to ever revisit the question or revoke your initial approval.
So now my company-issue iPad tablet trusts every SSID claiming to be from a Hilton. Even ones it finds miles from the nearest actual factual Hilton. Thanks Steve.
Maybe they should sell clear safe charging condoms, which are little adaptors to put near your phone, so the presence of only two wires (therefore no data , just power) is clearly there.
Of course someone could produce fake safe charging adaptors that actually provided data flow. So many you should use your own.
Charging may be one way a hacker could introduce a backdoor attack software (like a virus… for hacking… opens a backdoor for data flow ) into a target company.
They could just leave free power adaptors at restaurants and other public areas near a target’s office… the point being the adaptor could have RAM and CPU in it, etc, in order to install the backdoor software onto the phone…
Without the data lines, the device and adapter cannot negotiate the current draw, so the port will be stuck at the default 5v 100mA (at least for older USB standards). Makes for slow (if impossible) charging.