Smartphone batteries are bigger than ever but we spend enough time on any of them that the opportunity for a quick charge-up is something we rarely pass by. But maybe we should, at least when it comes to public charge stations. According to the FBI, they're just plain dangerous.
It's called "Juice Jacking," a term coined by security expert Brian Krebs in 2011, and refers to attackers hijacking charge stations in city streets, airports, and other public venues where people might casually stop and charge up one of the best smartphones. A decade later, the FBI's Denver, Colorado, office sounded the alarm again in a tweet.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9TApril 6, 2023
As the FBI notes, the attack can come from either the charge port or a cable that someone causally left behind.
The reason such attacks are so effective is that the USB-C, USB-3, and lighting ports are dual-purpose: they have pins for power and pins for data. When you plug your phone into a charger, it's only using the charge pins. If you were to use a compromised charge station or cable, it might also be using the data pins. Those pins could be used to deliver a malware payload directly to your phone. After that, the infection could communicate with a hacker to track your keystrokes and even steal passwords and personal information.
While this proof of concept has been around for years, most famously used at a security conference in 2017 to make a point, real-world reports of people's handsets being hijacked after they used a public charging station are scant.
Even so, as we travel, it's a good reminder to, well, not trust any old port. If you must use such a port, bring a cable that firmly locks out data access (it only features charge pins).
Alternatively, you can travel with a portable charger (and cable). Finally, we suggest traveling with your own charge adapter and cable and plugging your phone directly into a wall outlet, which only delivers electricity and not data.
Let's just not trust
Good technology security is like good hygiene. You can no more practice it sometimes than you can wash your hands just once a week.
Protecting your phone from wandering digital eyes does take almost constant vigilance. It's not hard to do but it does take some awareness that convenience should never outweigh the safety of your data.
Public charge ports proliferated over the two decades even as we learned about their inherent safety risks. That means it's up to us to be smart about when, if ever, we use them.
Essentially, we shouldn't consider them any safer than plugging your phone into someone else's computer for a quick charge. Even if you know who owns the computer, you don't know if the system is infected.
As long as some ports can deliver both electricity and data, they'll always be an attack vector. Protect those ports and protect yourself.
