When the nation’s premier intelligence agency issues a warning about the device sitting in your pocket and bags, you better pay attention. This time around, the FBI has warned smartphone and laptop users against juicing up their devices at public charging points — citing the risk of malware injection.
The FBI’s warning was posted on Twitter, and even though it doesn’t go into detail about the sheer scale of risk posed by public charging stations, the problem has been well documented. Public charging stations at spots like your nearest cafe, buzzy airports, or shopping malls should ideally be avoided because the outlets might be brimming with malware.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIDenver) April 6, 2023
The technique is called “juice jacking.” In a nutshell, it’s possible that malware has been installed on the USB port or the USB cable connected to one of these public charging stations. While your phone is charging, the bad actor may be able to infect it with a virus or malware that can do everything from stealing data to tracking keystrokes in order to get a hold of sensitive information like banking credentials.
The risk agent here is that when you connect your phone or computer via a USB cable interface, a trusted handshake is established. With such a privilege, and in lieu of active malware protection software on your system, it becomes extremely convenient to transfer malware files for bad deeds like running adware, exploiting the onboard resources for crypto mining in the background, spying, and ransomware.
From extracting files stored on your phone or laptop stored to malware injection, there’s a ton of damage that can be done. The current generation of phones and laptops disable data transfer by default, and every time you connect a USB cable, an on-screen prompt appears that asks whether you want to use the USB connection for data transfer or just charging. Needless to say, specify that the USB connection is used solely for charging and no other activity.
In 2011, researchers actually created a compromised charging kiosk loaded with malware in a bid to raise awareness about the issue. A few years later, security experts came up with another such device (called Mactans) that could load malware on an iPhone or iPad under the guise of charging it.
Plus, the FBI’s warning is not the first advisory of its kind. In 2019, the County of Los Angeles also issued a warning against juice jacking, alerting citizens that bad actors can deploy infected USB outlets in public places to wreak havoc. But if you must charge a device in a public place, here are a few safety measures you need to keep in mind:
- If possible, find an AC wall outlet for charging instead of a kiosk with multiple cables dangling out of it.
- Always keep your phone locked while charging. Better yet, power off your phone or laptop.
- Carry a portable charging solution like a power bank if you often need to juice your device on the go.
- Get a USB pass-through device, as they disable the data transfer pin and only allow charge transfer.