AdminSmartphone batteries are bigger than ever, but we spend enough time with each of them to make the opportunity for a quick charge something we rarely pass up. But maybe we should, at least when it comes to public charging stations. According to the FBI, they are simply dangerous.
It’s called “Juice Jacking”, a term coined by security expert Brian Krebs in 2011 (opens in a new tab)and refers to attackers hijacking charging stations in city streets, airports and other public places where people can accidentally stop and charge one of the best smartphones. Ten years later, the FBI office in Denver, Colorado raised the alarm again in a tweet.
Avoid using free charging stations at airports, hotels or shopping malls. Rogue actors have come up with ways to use public USB ports to inject malware and surveillance software into devices. Carry your own charger and USB cable with you and use an electrical outlet instead. pic.twitter.com/9T62SYen9TApril 6, 2023
As the FBI notes, the attack could come from a charging port or a cable someone accidentally left behind.
The reason these attacks are so effective is that USB-C, USB-3, and Lightning ports are dual-purpose: they have pins for power and pins for data. When the phone is connected to the charger, it only uses the charging contacts. If you want to use a compromised charging station or cable, this may also require data pins. These pins can be used to deliver malware directly to your phone. The infection can then communicate with the hacker to track keystrokes and even steal passwords and personal information.
While this proof of concept has been around for years, the most famous one used in Security Conference 2017 (opens in a new tab) to emphasize, actual reports of phone thefts after using a public charging station are sparse.
Still, when traveling, it’s a good reminder not to trust any old port. If you must use such a port, bring a cable that strongly blocks access to data (only has charging contacts).
Alternatively, you can travel with a portable charger (and cable). Finally, we suggest you travel with your own charger and cable, and plug your phone directly into a wall outlet that only supplies electricity, not data.
Let’s just not trust
Good technology safety is like good hygiene. Sometimes you can’t practice more than washing your hands only once a week.
Protecting your phone from wandering digital eyes requires near-constant vigilance. It’s not difficult, but it does require some awareness that convenience should never outweigh data security.
Public charging ports proliferated for two decades, even as we became aware of their inherent security risks. This means that it is up to us to use them wisely, if at all.
Basically, we shouldn’t consider them safer than plugging your phone into someone’s computer for a quick charge. Even if you know who owns the computer, you don’t know if the system is infected.
As long as certain ports can deliver both electricity and data, they will always be an attack vector. Protect these ports and protect yourself.
