Ask HN: Why do laptop chargers have data wires?
Chargers should only charge, there shouldn't be any data transfer. When it comes to security, we should not give something more privileges than it requires to do its job. Why do laptop chargers have data wires?
Maybe you have heard of usb condoms? It's a usb-c to usb or vice versa adapter where you modify it by removing the data wires which are on the sides. Then there is only power. Why don't the charger manufacturers do this themselves and remove the data wires if there is no purpose for them? It creates an unnecessary security risk by having the data wires.
What are your opinions on this? How do you approach this security threat? Or do you not do anything about it at all?
The marginal happiness for 1% of security nerds would be vastly outweighed by frustration for 99% of people who don’t care.
I don’t want a bunch of broken fake USB-C cables lying around that work for slow charging only and will totally fail when used with my mouse, keyboard, running an external display, etc. I get these kinds of USB-C cables from time to time in boxes with mediocre gadgets and throw them out! Anker’s whole brand was originally based on testing USB cables to weed out the broken ones after all.
What is the threat model here anyways? My approach to security when charging my devices is:
1. Use my own charger and cable
I am not worried about my power supply brick getting pwned by a rootkit delivered via the airplane’s AC power mains and then that pivoting to my laptop.
So is the threat that my power brick got pwned on its way from the factory to me?
My inlaws were trying to transfer files to a PC from their phones with one of these non-data cables. Even my somewhat tech-savy partner didn't know non-data cables.
I taught them the trick about feeling the cable stiffness, I showed them a type-c cable without data vs one with data vs thunderbolt3 type-c. They just couldn't understand why it wasn't working until I showed them there was a physical and tactile difference in the cables.
Wild that the best way to tell what kind of USB cable you've got is the equivalent of knocking on a melon to see if it's ripe.
In usb-a cables you can actually see the pins themselves missing looking into the connector from the outside; in usb-c not so much (or at least i could not really see anything there). I could never figure out how to determine a no-data usb-c cable, though I have only even seen one anyway.
The problem with stiffness etc is that there is already a lot of variability on usb-c cables, though there could definitely be something there that I just did not notice.
I assumed that the threat model includes been given a power brick that is already pawned (maybe has some chip with GSM access and somebody is gonna hack your computer through it or sth, or exploits some unknown zero day). And I would assume that is nation state level of a threat, either a supply chain kind of attack or more targeted.
Personally I have come accross no-data usb cables which I hated, but i see no reason to carry such a cable with me and then carry extra usb cables for data transfer. I am happy enough that the multiple cable problem is mostly solved and I still remember and by no means miss the days that I had to carry a separate charger and associated cable for each device, plus possibly other cables to connect stuff together.
The USB standard only allows 7.5W (5V @ 1.5A) of power. By negotiating over the data lines, the supplier and consumer can agree to higher amperage and voltage (up to 100W in USB3, 240W in USB3.1) - but you need data lines for this feature.
Some USB condoms include a chip to do this negotiation (with the other device) for you - but you still have to trust the chip.
You may very well have experienced this with a very basic USB cable (with just the power lines) - people call them cheap or bad quality, but because of the lack of data lines - only 7.5W can be delivered.
https://en.wikipedia.org/wiki/USB
This is incorrect. USB power delivery does not need the data lines. Negotiation happens over the CC line and Vbus line:
"A power-only receptacle Upstream-Facing-Port might only have VBus, GND, and CC pins populated, because they do not need the data transfer capabilities" source: https://acroname.com/blog/breakdown-all-power-delivery-types...
So the charger won't work without the data wire and it could destroy the laptop. It's so crazy because I've seen in these tech communities people saying it's recommended to cut the data wires and everyone is upvoting it. I guess that's another popular misconception going around that it's generally fine to cut a data wire.
The charger will work, just at a low/slow power. No destruction, unless it's non-conformant (the source should only increase the volts/amps if it detects the correct signalling from the drain... and this should is defined in the USB certification specs).
You may want to charge without a data-wire, or use a cable with a correct power-negotiation chip if you don't know/trust the source (eg a charging nook in a library/school/bar/airport.. anywhere public). Some devices are very trusting of power sources, or have been (security is improving, modern phones require unlock before they even acknowledge they accept/send data).
> You may want to charge without a data-wire, or use a cable with a correct power-negotiation chip if you don't know/trust the source (eg a charging nook in a library/school/bar/airport.. anywhere public).
There's an alternate charging interface you can use that's pretty widely available and I'd highly recommend--the 120/240VAC outlets all over the place!
Yeah yeah, I'm only half kidding. If you're going out to the bar you're probably not gonna shove a USB charger in your pocket. But in most of the rest of those situations (library, school, airport) and more you _probably_ have a few things you're carrying with you. Just leave a small adapter and cable rolling around the bottom of your bag and you don't have to worry about this. (Or at least you're into the realm of _wildly_ theoretical attacks.)
This doesn't just avoid the potential security issues... A lot of those charging lockers and things are not exactly well designed or well engineered. If you use your own charger you also know some weird cheap out-of-spec setup isn't going to damage your phone and there won't be any incompatibilities with the charger/cable/device that leave you charging at 7.5W.
USB PD without signaling won't work. It wont supply the needed voltage (e.g. 19V), and the laptop won't charge
Is that true? I have a cable here that I use to charge my laptop with 65W PD but it doesn't make a data connection. Does it do some black magic?
There’s data, but then there’s also the “CC” pins. CC is mandatory for USB-C. It is what does the communication for PD. So, it’s data, but a very specific type of data.
> I have a cable here that I use to charge my laptop with 65W PD but it doesn't make a data connection. Does it do some black magic?
The magic is that USB-C has not one, but _several_ mostly independent "data" connection wires. Chargers normally do not use or care about the USB 2.0 data channel (or the separate USB 3.0 data channel), they only care about the separate "configuration" channel used for USB-PD negotiation; IIRC, according to the standard pure chargers are even supposed to short together the USB 2.0 wires, to signal to older USB B or micro-B devices "I'm a dumb passive charger which can provide more than just 2.5W of power".
So, if you have a broken cable which does not have the USB 2.0 wires connected (which AFAIK is not allowed by the standard), but has the power and configuration wires correctly connected, it might (or might not) work as a charge-only cable.
The data lines weren't used for charging until fairly recently.
Al of those people may not be up to date, or you may be seeing old discussions.
> The data lines weren't used for charging until fairly recently.
Several proprietary protocols (like Quick Charge) used the data lines to negotiate the power and voltage, then USB Battery Charging standardized a way to indicate being a charger through the data lines, and that was all before USB-C. So unless you were satisfied with very slow charging, the data lines were always necessary.
> I've seen in these tech communities people saying it's recommended to cut the data wires and everyone is upvoting it
Right, and what communities are those, exactly?
[dead]
I generally only charge with devices I own:
I charge my laptops with the charger from the manufacturer, where the data cables are used to control voltage and wattage; or from a docking station from the manufacturer. If Apple / Dell are trying to hack me, well, I'm screwed!
I charge my phone with my own charger (wall) and wireless stand that I bought from the manufacturer. If I want to travel light, I charge it with my laptop charger. (Thanks to USB C) Again, I don't think Apple / Dell are trying to hack me.
Other devices are charged with chargers I bought on Amazon. I haven't taken them apart, but I don't think they have some hidden 5G chip that's being used to hack me.
If you're worried about security, _carry your own charger_ instead of plugging into random public USB ports.
---
But, I want to point something out about security: At some point you have to trust someone. If you're nervous, I would stick to a set of chargers that you screen carefully, and carry them with you.
There are two things to remember: one is that “juice jacking” is an urban legend hyped up by gullible police departments since the 2000s which just doesn’t happen in real life. Making computing clunkier for everyone doesn’t make any more sense than it does to put roofs over the keyboards in your server room to stop Tom Cruise from rappelling down from the ceiling.
Second, the same risk applies to every other device. Even if we eliminated charger docks and smart charging, we’d still have keyboards, mice, network adapters, storage, MFA tokens, etc. to worry about and that’s why your computer doesn’t blindly trust every device you connect any more. In 2004 you probably could have caused problems by presenting as a storage device with an auto run installer but now all you’re going to get are prompts.
It tells the laptop how much power is available. And with USB-PD charging it is used for voltage negotiation which removes the risk of destroying a laptop with the wrong voltage charger, while still allowing chargers to be swappable and interchangeable.
I believe they adapt charging speed to available power in some cases. Without the data pin, what if you wanted to make a a car charger, but the cigarette lighter couldn't support enough current for a full power charger? Or what if you wanted an ultra portable charger?
It's a useful feature for a pretty small extra risk.
It's just so convenient to be able to use the same charger for every device, and to use the same port for either charging or connecting peripherals. Is it ideal from a security standpoint? Not at all. Does that matter? Not in 99+% of contexts. Security is just not a real issue for the vast, vast majority of people. Those who really have significant risks to consider should adjust their habits and lives accordingly, but nobody else is going to go back to the days of a different, incompatible, power supply for every piece of equipment.
I'm assuming you're talking about the newer USB-C laptop chargers, instead of the old traditional "barrel plug" laptop chargers.
The main reason a data connection of some kind is necessary, is because it allows for universal chargers (the U in USB means "universal", after all). The same charger can be used for a laptop charging at 36V and 5A (https://frame.work/blog/framework-laptop-16-deep-dive---180w...), and a phone which cannot tolerate anything above 5V and needs less than 3A. Even old "barrel plug" laptop chargers often already had some kind of data connection (for instance, old Dell chargers, which output a fixed 19V, could tell the laptop whether they are a 65W or a 95W charger, you can see it on the BIOS screen).
And for compatibility, the USB 2.0 wires (the negotiation described above happens on the separate CC wire) are also necessary. The way old USB-A phone chargers told the phone (which usually had a micro-B plug) they're a charger was through the USB 2.0 wires. The standard way of doing that is shorting both USB 2.0 wires together, but there are proprietary alternatives which do something else with these wires. A USB-C charger can charge these old phones through either a USB-C to micro-B adapter together with a USB-C cable, or a USB-C to micro-B cable.
> How do you approach this security threat? Or do you not do anything about it at all?
Frankly speaking, the security threat I'm more worried about is a low-quality or damaged charger accidentally putting unfiltered 127V AC into the USB port. The best way to protect against that threat, which also protects against the "charger is a malicious USB data device" threat you're worried about, is to carry and use only your own high-quality charger, together with a portable surge suppressor (which has a MOV with a fuse).
> It creates an unnecessary security risk by having the data wires. What are your opinions on this?
That you are correct. It creates no small security risk (as does the overly-chatty relation between batteries and function boards nowadays)
(I am not sure you could produce a battery bomb without a separate back-signal to detonate it)
USB was never a very far sighted show, It's undergone so many revisions to squeeze more transfer of power and data out of it than is good.
There are analogue methods. Current sensing and current limiting circuits are ancient. You can build really sophisticated power supply designs that match supply and sense problems. You can even encode data as a side channel on the power lines themselves. But that would be more expensive and since the separate data lines were already there few designers thought to prioritise security over simplicity and cost.
> You can even encode data as a side channel on the power lines themselves. But that would be more expensive and since the separate data lines were already there few designers thought to prioritise security over simplicity and cost.
The security issue isn’t that there are separate data lines, it’s that there’s a data communication channel between charger and device.
So, encoding data as a side channel won’t fix the security issue.
It's not about the battery going boom or frying the device. For that you don't need data lines, you could always just put high voltage on the wires.
The security risk emerges from the fact that the charger might be a usb/thunderbolt device, exploit those interfaces and exfiltrate data from your system. It's absolutely feasible to build such devices, the only hard part is the exploit.
USB-PD negotiation can be done before reaching the laptop, using a fixed-function adapter for the desired voltage and current. Then the final leg of the connection can be power-only. This is used to power older laptops via USB-c and barrel connector.
I want to output to my monitor and charge the thing at the same time
you could've typed your exact post title into Google and had the answer faster.
They could’ve had a wrong answer faster. Google search isn’t deterministic and the current LLM answer at the top for me is half right and half wrong.
That's one billion percent not what I meant. Wow.
I just can't man, I fucking can't anymore with the Internet and people's need for everything to be spoon fed and assuming that everyone else has lost all information literacy.
> Why do laptop chargers have data wires?
Why should I care?
These situations are not very likely but let's let the imagination go wild:
- A USB charger-looking device could, in addition to charging, perform malicious actions which involve being another USB device. For example, it may pretend to be a keyboard and enter commands without your knowledge.
- Also from what I can tell here after a brief reading: Intel exposes JTAG functionality over USB ports (https://global.ptsecurity.com/analytics/where-theres-a-jtag-...) and I would think a malicious USB device could freeze the CPU by making the CPU enter probe mode, then dump its RAM through JTAG commands, getting encryption keys and other data if it wanted. As far as transmitting that data: low power Android devices with cellular capability will definitely fit in a charger-looking device. (Heck, there are SD cards with Wi-Fi capability in them.) Hope no one opens it up though.
My guess is that in part chargers have data wires for the reasons you fear because there are people with the political capital, money, technical expertise, and motivation to shape consumer facing technologies to the interests of nation states. These people are dedicated professionals and to not achieve the simple things you fear would be grossly unprofessional.
But data cables in USB chargers also provide conveniences to ordinary people (which other comments mention). TANSTAAFL
>TANSTAAFL
what?
“There ain’t such thing as a free lunch” I think?
Coined by Heinlein in The Moon is a Harsh Mistress.
Oh so not Thatcher. Interesting.
Coined by Heinlein in The Moon is a Harsh Mistress.
It's far older than that. At least a 150 years old.
Bars used to provide free lunches to encourage people to buy more drinks. Often very cheap and salty lunches, like stews or corned beef. This was very common in the 1920's-1940's, decades before Heinlein. It later evolved into just bowls of peanuts or pretzels on bars, though I haven't seen a bar with complimentary beer nuts in years.
The stew looked like a free lunch, but there's no free lunch because you paid for it in drinks.
Skimming this link: https://quoteinvestigator.com/2016/08/27/free-lunch/ shows it was in print at least back in 1886.