The standard can say cables "must" support things all day long, but that doesn't mean they will. Remember when Benson Leung's laptop got fried by a standard-violating SURJTECH brand cable from Amazon? https://web.archive.org/web/20160206010526/https://www.amazo...
They absolutely do. I have three and use them all the time. Use case (beyond charging) to have them right in the box is that they can be used to transfer data from a previous Mac to a new one upon setup (heir to the good old "target mode" that used to turn a Mac into a USB mass storage device), or for T2/Apple Silicon to debrick the device by entering DFU mode.
Just got a fourth (shorter, different from MacBooks) one with my new iPad, it has data too, which I just used yesterday to restore the encrypted local backup from my previous iPad and perform a new local backup. I bet the cable shipped with these new iPhones is the same as with the USB-C iPad ones.
That sounds highly unlikely, the one that came with my MBP supports everything up to Thunderbolt. But USB is ridiculously complicated, and sometimes better cables fail on shitty devices; I've seen it a few times with camera equipment where I really needed the cable that came with it because higher specced ones just didn't work.
True if they are referring to the MagSafe cable. If referring to USB C to C, they’re mistaken. The charging cable for all MacBooks does support USB 2 data rates.
The charging cables included with MacBooks do not support Thunderbolt. Just USB 2.0 data.
I do have an Apple Thunderbolt cable which supports charging (of course), but it was a separate purchase. The Thunderbolt cable looks similar but is a bit thicker, and has the Thunderbolt logo printed on the connectors at each end.
It's actually not technically possible for a faulty USB-C cable to function as a (> 5V) charging cable without data, because the power delivery negotiation happens over the data connection.
For USB C-C cables PD and passive 5V (5K1 pulldown) is negotiated over a separate CC pin from the USB2 D+/- pins, so it's theoretically possible if the D+/- lines are not connected/damaged.
USB A-C cables are entirely separate, there is no CC line, only a fixed always-on Vcc pin at 5V.
I believe at least the CC connection needs to be intact for a conformant power adapter or device to even output any voltage for charging for a C-to-C cable.
It might be possible to omit the D+ and D- wires, but that disqualifies many legacy charging protocols as well.
No, and juice jacking is entirely possible right now. It's just more difficult to do than many other types of hw attack & too costly to deploy in random indiscriminate public ports, making it less than viable for most cases outside of nation-state targeted attacks.
Generally speaking any documented cases of juice jacking happening are just red teams doing PoCs.
BadUSB-C[0] builds upon the original 2014 BadUSB's HID emulation approach but takes advantage of USB 3.x DisplayPort to process video stream to make decisions & validate the success of the HID emulation steps.
It's too esoteric & expensive to be viable at any scale, but it's definitely functional.
If you bother to read more than the abstract, you’d realize this isn’t an attack. It’s a framework for possibly creating new attacks, which after extensive research yielded precisely zero code execution bugs. Gotta print something after wasting a whole semester I suppose.
When I say unsubstantiated rumor, this is what I’m talking about.
I'm curious about what you think they "tried and failed", and what exactly success looks like for you.
You mentioned "code execution bugs" - what is that exactly to you? I presume you don't count HID emulation, so I'd be interested in what exactly does count.
Code refers to computer code, sometimes called “shell code”. Execution refers to getting that code to run.
They didn’t get anything unexpected to happen on the device. You really should read the paper, it’s a masterclass in making nothing sound like something.
In a word, yes. The code execution CVEs, especially for iOS which is the subject here, all start with <=2014. There has been a huge amount of work since then (accelerated by the research device program).
It’s a favorite boogeyman of the “nation state actors are under your bed” crowd. Which is stupid because they all recommend avoiding public charging and would they be doing that if they were siting on high-quality exploits?
There’s a reason NSO doesn’t target USB, and it’s not because they enjoy creating VMs in the image decoder.
Juice jacking tends to use HID emulation - that's feature abuse, not CVE exploitation.
The point is it isn't viable at any scale - nation states advise avoiding public charging because employees of companies they subcontract have been individually targetted. They're not going to be doing any indiscriminate mass exploitation of the general public with it though.
That’s absurd, no it doesn’t. It refers to a combination of the 2011 defcon demo of eliciting a device to sync data by default and a fever-dream of getting code execution by abusing the USB stack.
You’re thinking of BadUSB or OMGCable.
1) which is a totally different attack
2) not especially applicable to smartphones
3) very much a thing that happens in real life (I have responded to incidents where one was used)
Lastly, there are plenty of CVEs issued for “feature abuse”, that’s a meaningless distinction.
I'm always puzzled when people say that. When you buy small electric gadgets that come with USB-C, almost all of those bundled cables come without data transfer support.
I think this is only true for charging cables that are USB-A to USB-C. I have some of those lying around, also from cheap gadgets. But I would not recommend using them for data transfers anyway.
GP's point is that those are not, by definition, USB Type-C cables (even though a bootleg can still function like one for some use cases), and Apple is not likely to sell USB non-conforming cables.
> Apple is not likely to sell USB non-conforming cables.
I remember Apple intentionally selling non-USB conforming cables for the keyboard on the early iMacs. There was a little notch in the USB cable which meant that it couldn't plug into a standard USB port. The urban legend at the time was that it also meant that they didn't have to include the USB logo on the cable, better matching Steve's aesthetic preferences.
If a USB-C to USB-C cable only had wires for VCC and GND, here's what wouldn't work:
* Data (this one is fairly obvious)
* Power (since the CC wire in the cable is missing, and a compliant USB-C power source will refuse to output power unless the CC wire is terminated on the other end which signals what type of device it is)
Can’t the cable terminate it instead? That would save a lot of wire, and consumer expectations for USB-C reliability are just above “might catch fire” and below “I’d be surprised if the cable was incompatible or failed so quickly”.
You'd end up with a cable that only worked for "slow charging" (5V / 500 mA), and even then only in one direction (because the cable could only pretend to be Rp+Ra or Ra+Rd for one side). It's easier to do the right thing.
then we live in a world with extremely low adoption of this standard. why race to replace lightning with a standard that doesn't have good market penetration?
if you can't walk into the store and pick up a usb-c cable (because we've agreed that cable sold at the checkout counter isn't a real usb-c cable) then why does this standard matter?
Glorifying government intervention into market economics (and forcing a changeover of an entire ecosystem of hardware, producing innumerable e-waste) seems like an odd take for HN's libertarian culture.
Same thing with the sideloading, it's not enough that android lets you do it, apple's business model centered around the iphone as a secure endpoint has to be completely outlawed.
kinda seems the android idea just isn't resilient enough to stand on its own in the market without government intervention to literally outlaw competition with it. given how obtuse and anti-consumer the USB-IF body tends to be, this probably won't end well in the long run.
and this isn't even going into the e-waste problems resulting from the android software lifecycle or the lack of OEM support lifecycle for parts availability, etc - all of which are simply swept under the rug in the headlong rush to coronate a market winner by government fiat.
it's easy to see that with the lack of concern over e-waste, and the lack of concern over sideloading in other situations (like consoles) that this was never really about e-waste at all, it was just legislating a solution to the android vs iphone wars. And that's fundamentally disappointing - fanboy wars should not be the basis for governmental policy and regulation.
In the shadow of encroaching regulatory despotism, the luminous innovation of the iPhone was threatened with bureaucratic shackles by the European Union. The relentless march of progress was halted, as the central planners decreed that every charging port must bow before the altar of uniformity. No longer could Apple's vision for a sleek and efficient Lightning connector reign supreme; instead, the heavy hand of Brussels demanded compliance with the USB-C standard. The champions of individualism and choice saw their liberty erode, replaced by the stifling straitjacket of conformity. The spirit of innovation, once ignited by the entrepreneurial genius of Silicon Valley, flickered in the face of such top-down directives, leaving a world dimmed by uniformity, where the art of technological diversity was sacrificed at the altar of bureaucratic convenience.
I don't understand - many devices that aren't android phones use USBC. The only devices on earth that used lightning were Apple ones, and not even all their devices (laptops) use it.
Standards and interop are good. If the "free market" refuses to align on that value I'm happy for another mechanism to force it to happen. Judging from this thread, I'm not alone in that.
>Glorifying government intervention into market economics (and forcing a changeover of an entire ecosystem of hardware, producing innumerable e-waste) seems like an odd take for HN's libertarian culture.
Not everybody is libertarian here, many are pragmatic, and are not dogmatic when a regulation is good.
For example, we also don't lament how there are standards in power plugs, and we don't have to juggle with 20 competing power outlets from different companies in our own country for the benefit of the "free market", nor are naive enough to believe that the better one would just have "won". That's for "ideal over utility" libertarian types.
All USB-C cables must support USB 2.0 480 Mbps data transfer, at minimum. There’s no such thing as a USB-C cable that doesn’t support data.