In a recent advisory, the FBI is sounding the alarm on the risks associated with using public phone charging stations, commonly found in malls and airports. These USB stations have become a breeding ground for cyber threats, with bad actors exploiting them to disseminate malware and monitoring software, as revealed by a tweet from the FBI’s Denver branch.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIDenver) April 6, 2023
Despite not providing specific examples, the agency strongly recommends consumers carry their charger and USB cord, opting for electrical outlets instead. The convenience of public charging stations becomes overshadowed by the looming danger of malware infiltration, a concern security experts have been emphasizing for years.
The term “juice jacking” was coined in 2011 to describe the vulnerability of devices connected to compromised power strips or chargers. Drew Paik, formerly of security firm Authentic8, explained the severity, stating that by plugging a phone into a compromised charging source, the device becomes infected, compromising all stored data.
The USB cord serves the dual purpose of charging and data transfer, and can be exploited by hackers if the port is compromised. This vulnerability opens the door to unauthorized access to personal information, including emails, text messages, photos, and contacts.
Vikki Migoya, public affairs officer at the FBI’s Denver branch, emphasizes that the advisory serves as a general reminder for the American public to remain vigilant, particularly while travelling. The Federal Communications Commission (FCC) echoes these concerns, updating a blog post to highlight the potential consequences of using corrupted charging ports, including device locking and the extraction of personal data and passwords.
The danger doesn’t stop there. Reports suggest that criminals may intentionally leave compromised cables plugged into charging stations, and there have even been instances of infected cables being distributed as promotional gifts. The overarching message from law enforcement agencies is clear: prioritize personal cybersecurity, be acutely aware of potential risks, and exercise caution when it comes to charging devices in public spaces. Your data’s safety depends on it.
Both agencies advise consumers to exercise vigilance and bypass public charging stations, echoing the shared concern for the potential exploitation of these charging points. With the absence of specific consumer harm instances, the focus remains on preemptive measures to safeguard personal information. As the threat landscape evolves, the united message from the FBI and FCC serves as a crucial reminder to prioritize cybersecurity and remain wary of seemingly innocuous public amenities.