Original URL: http://www.theregister.co.uk/2011/02/09/miniusbs_and_common_connectors/

Superphone system-CRACKING cable of DOOM ... is quite handy

MiniUSBs and common connectors are a sysadmin's best friend

By Trevor Pott

Posted in Servers, 9th February 2011 16:00 GMT

It used to be that a large part of owning a cellphone, using it a lot, and being on the road involved hauling around a massive charging unit. When your plan expired, you got a new phone – and along with that came a new car charger, a new brick to plug in at home and a second one to be wrapped up in a ball and shoved in your briefcase or purse.

This changed a while back with the adoption of MiniUSB connectors by many manufacturers. The bulky adapters were gone, replaced by a single thin cable. The car adapter was replaced by a lighter socket-to-USB converter.

Better yet, MiniUSB cables were everywhere: MP3 players, external hard drives, card readers, cameras ... you name it. Best of all, since it seemed that everything has a USB port, you could charge your phone off of just about anything.

Sadly, not everyone jumped on the MiniUSB bandwagon. Most notably reticent was Apple; MiniUSB connectors were too fat for their iconic consumer tat. The cellphone industry flailed around for a while, however they eventually settled on MicroUSB as the way of the future.

Even Apple has given way; I have been led to understand that the next round of fondle-gadgetry to come equipped with standardised connectors – for charging, at least. This is certainly the case in Europe.

Surely though, I wouldn’t be so uppity about a mere charging source? As it turns out, there’s more to it than that. The proliferation of MicroUSB – both as an interface and also in the readily available plethora of cables – is a fantastic enabler for someone looking to get around security.

When the average punter stops to ponder the abilities of their iThingy, it’s usually to marvel at how they no longer have to carry around a separate MP3 player or video player.

In many cases, they have even managed to replace their netbook with the basic browsing features of their light-up vibrating internet fondletoy. They’d be right too: without rooting the device, this is about all the average punter can really get up to on Apple’s devices.

Thumbs up

Android, Windows Mobile, Symbian and RIM are all different. Here you can add “thumb drive” to the list; it was replaced by the humble MicroUSB cable. If your device has Wi-Fi and the administrator of the target network is lax enough to employ WEP or WPA, you own them...

Given the compute power available in modern superphones, cracking and joining said network is trivial. Android is a real threat here; the number of applications for the Linux ecosystem to do exactly this is staggering. With a modest amount of programming skill, cloud services such as Amazon’s EC2 make these sorts of tasks even easier.

For added fun and merriment, you can get USB 10/100 NICs that will – to varying degrees of success – work on many of these devices. Even if security won’t let you into the building with a notebook, the systems administrator has thwarted your removal of data via USB and there is no Wi-Fi to crack, you have a hardwired network node in the palm of your hand.

Phones are a great place to smuggle in MicroSD cards. My keychain has a MicroSD-to-USB reader that folds out of what looks for all the world to be a supermarket loyalty card. Left alone for just a few minutes with a target computer, I can boot it up into the Linux distro of my choice.

Having bypassed the operating system restrictions of the local systems administrator, I now can use one of those readily available MicroUSB cables to turn my phone into a tethered 3G modem. Suddenly I can funnel any information on the local hard drive (or any vulnerable information on the network) out through a VPN over my 3G to wherever I want.

As a systems administrator, this is terrifying. It has helped me though. I have recently found myself called in more than once to clean up some mess left either by a fired administrator, or simply one who was on vacation and unreachable. Business owners are both impressed and afraid when you can take apart years of their IT security with an HTC Desire.

The threat of superphones has served me well. As a method of scaring the suits white enough to allow me to implement some real security measures, it’s priceless. So consider this article a thank you to the humble MicroUSB cable – you keep me employed. ®