
What other attack vector would you choose?


You could ship the victim malicious USB cables in the mail with Amazon branding on the box.

Many people would use them, assuming they were just mis-shipped or ordered by their spouse.


This would totally work on me. My wife is always buying USB cables from Amazon, IDK what we do with them all.


Or is she....


Hard-learned fact: USB cables are consumables, just like ink or toner for your printer. They need to be refilled every so often.


It's a real shame that the USB standards creators didn't work harder on error-proofing and longevity.

If I were on the standards committee, I would have made every pin interchangeable - i.e. any pin can be gnd, any pin can be Vbus, any pin for data, etc. When plugged in, the device on the end would test every pin, and then decide which to use for data and which to use for power.

That way, when a cable gets a bit old and 3 out of 30 pins are shorted or dirty or otherwise bad, the cable works but simply delivers 90% of the power it used to.

The absolute cheapest cables could have just 2 pins, and would be slow and low power, but still fully 'working'.

This wouldn't have added much cost to most devices either - most devices have a dedicated IC for USB functionality, and that IC can deal with muxing signals and power. On devices which only take power, a simple array of diodes can take power from any pin. Data signals could be capacitively coupled, meaning the muxing could be done on a single chip without needing special high voltage silicon processes (the cost of a chip goes up a lot as soon as you want it to deal with high voltages on any pin).


...leaving a literal paper trail of package location tracking? Mail fraud is considered serious. Why commit an extra crime?


Less serious than tampering with fixtures in a secure area at an American international airport?


I would imagine that leaving a charger plugged in to a public outlet is not as interesting as you have presented it to be.

Sure, you would be leaving evidence, but if your plan works, that evidence won't be sought out anyway.

If you sent a mysterious package, it wouldn't be strange or out-of-character for someone to investigate that package intentionally: which presents a significant attack surface for the discovery of your ruse.


Here's what you do without leaving obvious chargers dangling out of outlets. You don't need to even send a guy in a maintenance uniform out to the site, or tamper with installed equipment.

You're a decently high-capacity Chinese factory that makes custom USB outlets. You make a "special" line with a zero-day chip or firmware inline with a cable. The cable only needs to be a little fatter to accommodate some unobtrusive electronics. They are slid under the insulation and there is no dedicated PCB that may attract scrutiny.

You wait until the order comes in for the site(s) you wish to target, and you ship them off.

The countermove to this, of course, is that the installer does a fuzz test of the charging station with a few common devices, trying to tickle the bug, and also a protocol analyzer that will inspect the USB data stream for anything out of the ordinary.

My armchair quarterback mind says that the above security testing should be fairly effective if you are dealing with a low-level adversary. A state-sponsored one with a sufficiently large state would not be hindered by puny countermeasures like that, and would be able to target more accurately.

Here's another countermeasure on the consumer level: optocoupling. This is good to mitigate voltage and amperage damage, even accidental or unintentional types. I suppose it would prevent charging too, but there's got to be something useful about it.


Exactly, and you'll be on video.

You can buy stamps from a vending machine with cash.


If, and that’s a big if, the victim was able to trace the infection back to a charging port, then have the time, resources, and capability to debug the chips.

That’s all assuming the bad port wouldn’t have been removed, and video might just show regular “maintenance.”

Yeah, it’s all above and beyond, but I think it’s in the realm of possibility for a high level target (see: Stuxnet et al).


It's extremely easy to use cash to pay for postage. Slap fake sender information on the package and you'll be very difficult to find.


You can put a padded envelope into a public mailbox.


You’d use it to attack the targets you care about rather than just the general public.


The way you attack a specific target without alerting them (or at least making them suspicious) is to attack them indirectly.

The sibling comment above is an excellent example of why you might specifically target public infrastructure if you only really care about one person.


USB charging ports on aircraft.



