Public Charging Stations Can Steal Data, Warn Officials

Travellers in the United States are being advised against using portable USB charging stations due to the security risks associated with them.

The Los Angeles District Attorney issued a security alert, that USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two.

It announced that “juice jacking” criminals are loading malware into public USB power charging stations in airports, hotels and other locations.

Juice jacking

Charging stations have become popular thanks to the increase in smartphones and tablet usage over the past decade.

In the USB Charger Scam, often called ‘juice jacking,’ criminals load malware onto charging stations or cables they leave plugged in at the stations so they may infect the phones and other electronic devices of unsuspecting users,” said the LA DA.

The malware may lock the device or export data and passwords directly to the scammer,” it added.

It urged travellers to rather use use an AC power outlet, not a USB charging station, and said that people should take AC and car chargers for their devices when travelling, or consider buying a portable charger for emergencies.

Wi-Fi easier

A security expert pointed out that setting up a malicious Wi-Fi hotspot are often considered by criminals as a more effective option.

The risks associated with public USB charging ports has been known for some time,” explained Javvad Malik, security awareness advocate at Knowbe4. “Although, there is no real evidence to suggest it is a likely attack method beyond a proof of concept.”

For many criminals, tampering with a public charging port can be a risky proposition which is not worth the effort,” said Malik. “Setting up a malicious wifi hotspot is a far more effective way to intercept traffic in public places.”

At most the compromising of USB ports may be a tactic used to target specific individuals, executives, or politicians,” said Malik. “But for that group of people, there should already be countermeasures already in place for a broad range of attacks.”

For people that are worried about this kind of attack, an alternative could be to use public USB charging ports to only charge an external battery pack, and then use that to charge their device so that the device is never directly connected to the USB port,” he added.

In 2017 Wi-Fi users at a Starbucks in Buenos Aires found their computers’ processing power was being hijacked and used to mine cryptocurrency when they connected to the network.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago