CREATOR RESPONSE

Link to Kickstarter.

I’m a really big fan of this one. A few months ago, a bunch of news outlets reported on the potential for hackers to to install malicious hardware on public USB charging stations. The idea is that while you think your phone is just charging, malicious hardware could be potentially accessing sensitive information on your phone made available over a USB connection. LockedUSB has found a way to mitigate that problem by constructing an adapter that simply removes the data pins from the USB line and only passes the power pins through.

But it gets better.

They also claim that the device has a “Power Optimizer”. How does this work? It’s simple!

“Inside the adapter we have a dedicated controller chip and current limiting power switch. An auto-detect feature monitors USB data line voltage, and automatically provides the correct electrical signatures on the data lines and allows portable devices to fast charge at their maximum rated current while keeping the data lines completely isolated.”

So what does all of this mean?

If you’re a smartphone user, you might have noticed that some chargers recharge your phone faster than others. The rate at which a phone charges is proportional to the amount of current flowing into the phone, and some chargers can supply more current than others. The problem is that it’s much easier for a gadget to limit how much current it draws than for a charger to limit how much it can supply. Because of this, a number of specs were designed to indicate to the smartphone what kind of charger it’s connected to.

These specs are actually very simple. I’ve dealt with one personally before when I built a mintyboost charger a few years back. Basically, you connect the USB data lines to a specific voltage and that indicates to the smartphone how much power it can draw. Different voltages indicate different current levels, and these voltage levels can easily be created with a simple voltage divider off the USB power pins (though these guys are using the slightly more sophisticated TPS2511).

So the solution the LockedUSB folks came up with is using this adapter to forge a higher current rating for whatever power supply the phone is connected to. But did they ever stop to think why those limitations were put into place in the first place?

There are three ways I see this device being used:

The charger it’s connected to is rated for a high current or at least can be driven above its rating with no major issue. The charger can not supply enough current and its output voltage drops. Eventually, the cellphone picks up on this and stops drawing power from the charger. This causes the charger’s voltage to rise and the phone to reconnect. This oscillates back and forth until you get annoyed by your phone lighting up every 3 seconds and unplug it. The charger tries its hardest to maintain 5V output despite your new iPad drawing twice what it is rated for. The amount of current blasting through its lower capacity components causes it to heat up and it eventually burns out or burns up.

Seriously, look at this thing work:

Here’s an iPad connected to a laptop with a normal cable:

It’s drawing just under the 500mA limit specified in the USB protocol. In this case, the charging current was negotiated by a set of digital messages sent back and forth between the iPad and USB host controller on the laptop instead of a voltage indication. Now let’s remove that digital interface and add the LockedUSB adapter:

Holy hell! It’s drawing more than twice what it’s supposed to!

Now, I’m guessing that what’s happening here is outcome #1 listed above. Even if it were to fail, most USB host controllers are smart enough to identify a current surge and disconnect power before taking on any damage, but your average cheapo brand charger might not fare so well.

Now maybe there’s something I’m missing here. They do talk about some kind of circuitry inside the connector that automatically “switches between multiple configurations, in order to guarantee maximum charging power which reduces charging time“, and they have fancy pictures:

But any mention of the words “safe”, “safety”, or “safely” talk about the potential security risks that this device mitigates and any mention of “fire” is in the word “firewall”.

Some comments by the creators are even less reassuring:

” I understand that limiting the current to 1Amp is a drawback for 10W devices (5V@2Amp), however this allow to safely charing your device from any USB port…The Current limit was set to make it safe and compatible with as many USB devices as possible, however it is not set on stone just yet, we will do more testing, we will do our best to get our hands on 10W devices including the Galaxy S4 and determine a Limit value that would be acceptable to all of our backers.”

And later…

“We are working on a couple of updates, on one side we found a couple of ways to increase the current limit to 2.1Amps in a safe way for USB port that complied with the USB Charging standards.”

Maybe I’m thick, but I’m really curious how this device is supposed to magically prevent catastrophic failure of an unknown charger when it’s being drawn way over its capacity.

LockedUSB