New York Begins Public Gigabit Wi-Fi Rollout

An anonymous reader writes: Workers in New York City have begun installing the city's first LinkNYC kiosks. The kiosks are free, public Wi-Fi access points, which are taking the spots formerly occupied by phone booths. 500 more of these hubs will be installed by mid-July, and the full network will eventually include over 7,500 of them. "Once completed, the hubs will also include USB device charging ports, touchscreen web browsing, and two 55-inch advertising displays." The displays are expected to bring the city $500 million in revenue over the next 12 years. When the project was announced in 2014, officials said construction would start "next year." They sure cut it close.

Who would plug into a random USB port?

[TuballoyThunder]

Maybe I'm paranoid, but that just doesn't seem like a good idea.

Re:Who would plug into a random USB port?

[kheldan]

You're not at all paranoid, at least not in a bad way, for thinking that. I was just thinking that, so long as the device you want to charge just needs the 5 volt supply and not the data pair active, a good accessory to have would be a USB cable that has the data pair disconnected. That way if you do plug in somewhere in public, there's no chance of your device being compromised by malware. Now of course that won't protect you against someone sabotaging the port so it outright damages someone's device; has anyone heard of someone intentionally sabotaging USB ports so anything you plug into them gets damaged?

Re: Who would plug into a random USB port?

[fustakrakich]

Somebody is going to make a bundle selling USB voltage regulators. As for data? The chargers don't use those pins

Re:Who would plug into a random USB port?

[rsborg]

You mean something like a USB Condom?

Re: Who would plug into a random USB port?

[Obfuscant]

As for data? The chargers don't use those pins

How do you KNOW that the USB socket you're about to plug your device into doesn't use those pins? You control the device, someone you don't know controls the thing you plug it in to.

After all, there are people who manage to install stuff into ATMs that can read and transmit card data, so putting something in one of these kiosks is not beyond the pale. And the kiosk provider could even justify forcing your device to enumerate by saying they're only going to keep track of what devices are plugged in.

And yes, some chargers do use the data pins as a way of identifying known devices to which they should provide power and at what maximum current. Thus you have Motorola chargers that won't charge a Sanyo phone, LG phones that won't charge from generic chargers, etc. (Names used for example only.) I spent a lot of time trying to get one of my phones (now obsolete) to charge from a standard USB charger and I found there are at least three different data-line signalling systems that were in use. "How many ohms to which other pins" was the common way.

Re: Who would plug into a random USB port?

[by+(1706743)]

You can buy or make your own power-only cables. Doesn't address the aforementioned power spec issue, of course.

Re:Who would plug into a random USB port?

[dissy]

Yeah, exactly, except someone who is handy could just get a short USB extension cable, strip back the outer jacket, expose the data pair (white and green twisted pair, I believe) and just cut them, then put heatshrink or electrical tape over where you modded the cable and you're done. Would cost you less than a dollar and take all of 10 minutes of your time.

I've done pretty much exactly that before, although there was a couple additional steps involved.

This was way back when the iPhone 3g just came out, and I was annoyed that most (real) USB chargers would do nothing more than connect the GND and +5v pins, which by USB spec is how the charger states it only has 500ma available.
To inform a device there is more amperage available, the USB spec states you need to have voltage on the two data pins.

The iPhone 3g could suck down up to 1000ma if available, which involved having +2.0v on one data pin, and a bit more on the other data pin. (+2.75v going by the link I found below. Sorry, the memory isn't too good these days)

I had a USB extension cable laying around that had a normal USB connector on one end, and a small weighted plastic base on the other end with the jack. It was intended to sit on your desk and let you plug in flash drives and be all pretty and convenient I think.
But to me the plastic base was the perfect place to solder in the two resistors between +5v and the data pins and keep all the ugliness out of sight.

The cable was something like this, although not the exact same model:
http://www.amazon.com/StarTech-5ft-Desktop-Extension-Cable/dp/B001K9BFB8

Here is a lookup table of resistances/voltages needed on the two data pins to signal various amperages:
https://www.voltaicsystems.com/blog/choosing-usb-pin-voltages-for-iphones-and-ipads/

Doing the soldering free-hand instead of digging up some perfboard made it take about 15 minutes, so you are pretty spot on.
I already had the parts laying around so didn't cost me anything, but that USB cable on amazon above was just the first result I found so I'm sure isn't the cheapest available, but even that is only $7.

Since then the "USB Condoms" other people have been posting about have dropped in price to about the same as building one yourself, plus they look a lot slicker and professionally made, and quite short compared to my 3 foot monstrosity, so I just purchase them now.

Not only does such a device help protect your hardware from the unknowns out there, but in the case of Apple connecting an iOS device over USB would auto-launch iTunes, an annoyingly long and most of the time unwanted process just to get a bit of recharge.
There have been other devices in the past I remember doing similar, auto running some software when the computer detects it. Totally annoying when one is capable of running programs on their own when needed :P

Thankfully Android never went down that path, but even there a USB condom is useful as the devices usually show up as a flash drive with your camera pictures on it which could be copied from you unwantingly, and a few models I have seen expose this as read/write!
At work I have group policies set to deny read access to any "\\\\.\\autorun.inf" file (aka that file at the root of any drive path) as well as to log to a server the fact explorer.exe tried to read one along with the exe name it tries to run.
A co-workers Android phone got infected by Windows malware we discovered this way, as some infected PC copied an autorun.inf and a [random-letters].exe to his phone, to attempt to infect other Windows PCs it got connected to.
Obviously the phone itself wasn't infected, and as he mainly only plugged the thing in at home (Linux) and at work (Windows yes but with the above GPO), and so he never noticed it was playing infectious carrier to anything he plugged into.

TL;DR - Always be safe and wrap yur wire!

Do these guys understand public infrastructure?

[goodmanj]

This sounded like a fine idea until they mentioned USB ports. Those suckers are gonna be full of gum, or worse, in 60 seconds. The fact that they're even trying to provide USB charging makes me worry that they totally don't understand how to protect public hardware from vandalism.

If somebody taking a fire axe to your touchscreen isn't part of your interface design document, you don't know what you're doing.

Re:Do these guys understand public infrastructure?

[Kernel+Kurtz]

The fact that they're even trying to provide USB charging makes me worry that they totally don't understand how to protect public hardware from vandalism.

Pretty much same here. A public mesh network has lots of potential.

Kiosks might work in trendy, well lit, low crime areas. With cameras. And regular patrols.

Re:Do these guys understand public infrastructure?

[swb]

Pay phones were pretty impressive engineering overall when you think about how much abuse they were subject to.

The locks used on them, especially the coin box versions, were probably one of the most impressive parts of them. They might rank as one of the most secure mass-produced locking mechanisms ever made. I think the coin box had 1.5 million key variations and were extremely pick resistant.

This link outlines the lock system used and mentions the almost legendary status of them. I seem to remember the urban legend mentioned in the article about one guy who figured out a system for picking the coin box lock. The article doesn't go in to details, but I vaguely remember there was supposedly one guy (maybe an insider who had access to the internals or keying system or something) who got away with it for a while.

Back in the 1970s or even earlier, there would have been a huge motivation for a successful and simple method of opening pay phone coin boxes. Pay phones were everywhere and if you could gain easy access to opening the coin box you could have probably made a living just going from phone to phone emptying the coin boxes.

http://www.crypto.com/photos/m...

Re:All tracked to the gills, I'm sure

[arth1]

A more appropriate headline would be "NYC Begins Mesh Surveillance Network Rollout."

Yes, but as long as the masses confuse "free" with "no direct monetary costs", it will be seen as manna from heaven.

Their own privacy policy states that they require registration to use the service, and then they collect information including (but not limited to) mac address, IP address, browser type and version, operating system, device type, device ids, full URLs and IP addresses and timestamps of everything you connect to.

And they serve you targeted advertising, and reserve the right to share data with advertisers to "better' serve you targeted ads.

it would likely be illegal to call this free in either meaning of the word outside the land of the free.