‘Juice jacking’ criminals are exploiting USB charging stations at airports, hotels and shopping centres to install malware
Travellers in the United States are being advised against using portable USB charging stations due to the security risks associated with them.
The Los Angeles District Attorney issued a security alert, that USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two.
It announced that “juice jacking” criminals are loading malware into public USB power charging stations in airports, hotels and other locations.
Charging stations have become popular thanks to the increase in smartphones and tablet usage over the past decade.
“In the USB Charger Scam, often called ‘juice jacking,’ criminals load malware onto charging stations or cables they leave plugged in at the stations so they may infect the phones and other electronic devices of unsuspecting users,” said the LA DA.
“The malware may lock the device or export data and passwords directly to the scammer,” it added.
It urged travellers to rather use use an AC power outlet, not a USB charging station, and said that people should take AC and car chargers for their devices when travelling, or consider buying a portable charger for emergencies.
A security expert pointed out that setting up a malicious Wi-Fi hotspot are often considered by criminals as a more effective option.
“The risks associated with public USB charging ports has been known for some time,” explained Javvad Malik, security awareness advocate at Knowbe4. “Although, there is no real evidence to suggest it is a likely attack method beyond a proof of concept.”
“For many criminals, tampering with a public charging port can be a risky proposition which is not worth the effort,” said Malik. “Setting up a malicious wifi hotspot is a far more effective way to intercept traffic in public places.”
“At most the compromising of USB ports may be a tactic used to target specific individuals, executives, or politicians,” said Malik. “But for that group of people, there should already be countermeasures already in place for a broad range of attacks.”
“For people that are worried about this kind of attack, an alternative could be to use public USB charging ports to only charge an external battery pack, and then use that to charge their device so that the device is never directly connected to the USB port,” he added.
In 2017 Wi-Fi users at a Starbucks in Buenos Aires found their computers’ processing power was being hijacked and used to mine cryptocurrency when they connected to the network.
Do you know all about security? Try our quiz!