Public Charging Stations Can Steal Data, Warn Officials

Travellers in the United States are being advised against using portable USB charging stations due to the security risks associated with them.

The Los Angeles District Attorney issued a security alert, that USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two.

It announced that “juice jacking” criminals are loading malware into public USB power charging stations in airports, hotels and other locations.

Juice jacking

Charging stations have become popular thanks to the increase in smartphones and tablet usage over the past decade.

In the USB Charger Scam, often called ‘juice jacking,’ criminals load malware onto charging stations or cables they leave plugged in at the stations so they may infect the phones and other electronic devices of unsuspecting users,” said the LA DA.

The malware may lock the device or export data and passwords directly to the scammer,” it added.

It urged travellers to rather use use an AC power outlet, not a USB charging station, and said that people should take AC and car chargers for their devices when travelling, or consider buying a portable charger for emergencies.

Wi-Fi easier

A security expert pointed out that setting up a malicious Wi-Fi hotspot are often considered by criminals as a more effective option.

The risks associated with public USB charging ports has been known for some time,” explained Javvad Malik, security awareness advocate at Knowbe4. “Although, there is no real evidence to suggest it is a likely attack method beyond a proof of concept.”

For many criminals, tampering with a public charging port can be a risky proposition which is not worth the effort,” said Malik. “Setting up a malicious wifi hotspot is a far more effective way to intercept traffic in public places.”

At most the compromising of USB ports may be a tactic used to target specific individuals, executives, or politicians,” said Malik. “But for that group of people, there should already be countermeasures already in place for a broad range of attacks.”

For people that are worried about this kind of attack, an alternative could be to use public USB charging ports to only charge an external battery pack, and then use that to charge their device so that the device is never directly connected to the USB port,” he added.

In 2017 Wi-Fi users at a Starbucks in Buenos Aires found their computers’ processing power was being hijacked and used to mine cryptocurrency when they connected to the network.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

EU Deepens Investigation Into Elon Musk’s X

European Commission adds “additional investigatory measures to X” as part of its ongoing DSA investigation

1 day ago

Supreme Court Rules TikTok Can Be Banned in US

Ruling from Supreme Court upholds nationwide ban on TikTok unless ByteDance sells, but official says…

1 day ago

Apple Suspends AI-Generated News Notifications After Errors

After complaint from BBC, Apple opts to suspending artificial intelligence feature after inaccurate summaries of…

1 day ago

TikTok Prepares To Shutdown App In US On Sunday – Report

As an advisor says Trump is exploring options to 'preserve' TikTok, reports suggest app is…

2 days ago

BT Abandons Plan To Turn Roadside Cabinets Into EV Chargers

BT throws in the towel to install 60,000 EV chargers utilising roadside cabinets, after installing…

2 days ago

Biden Signs Executive Order To Bolster US Cyber Defences

In its final few days, Biden Administration delivers another executive order focused on bolstering cybersecurity…

2 days ago