Seems like the port shouldn't even be active for data (charging only) when the phone is locked. Anyone wanna bet they enabled it for headphones since they removed the headphone jack? ;-)
-
-
It definitely supports more than charging in that case, as do Android phones. The move to Lightning / USB C headphones does genuinely make it less convenient to do something like https://github.com/CopperheadOS/platform_frameworks_base/commit/7b811853c5d2b05ec5db11786ab3f4b6a079e1a1 … but there are a lot of other reasons for them using data at that point.
1 reply 0 retweets 2 likes -
Replying to @CopperheadOS @RichFelker and
One simple example is supporting USB keyboards and various accessibility technology. Some of that may be needed by someone to unlock the screen. Accessibility support often ends up being a security problem, not familiar with how accessibility services work on iOS though.
3 replies 0 retweets 1 like -
Seems they could/should only support Bluetooth, and only devices that are already paired when unlocked. Lightning is a much much bigger attack surface.
1 reply 0 retweets 1 like -
This logic requires code to execute, and that is likely where the flaw lives.
1 reply 0 retweets 0 likes -
There's no reason the data lines couldn't be electronically gated to a dumb charging controller chip while locked. Would eliminate non-invasive physical attacks.
2 replies 0 retweets 1 like -
I’ve seen USB driver code at both the OS and micro-controller level - it’s not pretty. You’d be surprised how many special cases are required just to negotiate charging.
1 reply 5 retweets 21 likes -
Yes but that logic has no need to interact with OS or security processor logic. Can be completely isolated.
1 reply 0 retweets 1 like -
That would be interesting, and it would also be something not called USB.
2 replies 0 retweets 1 like -
Look in the Linux kernel USB implementation. That's where all of the fancy power negotiation stuff is implemented. A Linux kernel bug can result in stuff like https://www.androidpolice.com/2018/03/21/android-8-1-update-2016-pixel-xl-causes-potentially-dangerous-overcurrent-charging-bug/ ….
2 replies 1 retweet 2 likes
Yet another reason not to do this in software but instead have a dedicated charge controller and gate the port to that controller when charging or locked.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.