I follow a blog called CFSimplicity which recently ran an article called "Too Simple ? USB Charging"...

In the article - the author details a chance encounter with someone who needed to charge their portable device. He discusses how happy the person was that he had a USB cable available to charge the device from the author's laptop during a meeting they were both involved in. Annnnnnnnnnnnnnnnnnnd then... the "GOTCHA!" appears.

The author notes that doing simple things like this are "actually a bit mad from a security point of view". Why? Because BOTH of them allowed their electronic devices to be connected to an "unknown" device - without giving it a second thought. Either device could have been a "carrier" of trojans/rootkits/virii/etc -and BOTH devices were then at risk.

Below is the comment I left - to add to what the author had already pointed out - as to other little things you can do to secure your personal data devices a bit better:


I have found a couple of "power only" USB cables - and those are normally the ones that I use for charging devices from my laptop/etc. However, you make a VERY good point from the security end of the house. People are becoming conditioned to simply plugging one data device into "any port in a storm" (to coin a phrase) and not worrying about "accidental" data transfer. Some other simple solutions are - put a PIN/passcode on your device. Most devices will not allow data transfer unless the device is "unlocked". Turn OFF the bloody Bluetooth - unless you are using it - and if you are - ALWAYS set a REAL BT Pairing key (not the default 123456, etc that the device sets by default). Just a couple of things to "harden" your portable/personal devices will aid in maintaining control of the data you store on your devices.