[nonrandomstring]

> It creates an unnecessary security risk by having the data wires. What are your opinions on this?

That you are correct. It creates no small security risk (as does the overly-chatty relation between batteries and function boards nowadays)

(I am not sure you could produce a battery bomb without a separate back-signal to detonate it)

USB was never a very far sighted show, It's undergone so many revisions to squeeze more transfer of power and data out of it than is good.

There are analogue methods. Current sensing and current limiting circuits are ancient. You can build really sophisticated power supply designs that match supply and sense problems. You can even encode data as a side channel on the power lines themselves. But that would be more expensive and since the separate data lines were already there few designers thought to prioritise security over simplicity and cost.

[Someone]

> You can even encode data as a side channel on the power lines themselves. But that would be more expensive and since the separate data lines were already there few designers thought to prioritise security over simplicity and cost.

The security issue isn’t that there are separate data lines, it’s that there’s a data communication channel between charger and device.

So, encoding data as a side channel won’t fix the security issue.

[dragonwriter]

> The security issue isn’t that there are separate data lines, it’s that there’s a data communication channel between charger and device.

Yes, you can only eliminate the security issue by eliminate the functionality requiring communication.

You can, however, mitigate the security issue and narrow the range of potential attacks by having a dedicated-purpose channel that only is connected to capabilities related to the functionality for which it exists. Security is always a balancing act of how to mitigate the risk associated with desired functionality; shedding functionality is only the optimal solution where the risk outweighs the benefits of the functionality.

[dragonwriter]

> You can even encode data as a side channel on the power lines themselves.

USB-C PD standard basically does this (well, on a side channel compared to the main data lines, at any rate.)

> But that would be more expensive and since the separate data lines were already there few designers thought to prioritise security over simplicity and cost.

Pretty sure that the reason the pre-USB-C quick charging non-standard implementations that used existing data lines didn’t do so because it was cheaper to build but because it was more useful for users to not have to have special, incompatible cables for charging.

[KeplerBoy]

It's not about the battery going boom or frying the device. For that you don't need data lines, you could always just put high voltage on the wires.

The security risk emerges from the fact that the charger might be a usb/thunderbolt device, exploit those interfaces and exfiltrate data from your system. It's absolutely feasible to build such devices, the only hard part is the exploit.