Although free charging stations in airports and shopping centers may seem tempting, the Federal Bureau of Investigation (FBI) advises against using them. In a recent PSA from their Denver branch, the FBI highlights that malicious actors exploit public USB ports. They install malware and monitoring software onto connected devices. Even though it may be more of a hassle, the FBI recommends carrying your own charger and USB cable and using a standard electrical outlet if you need a charge.
Is it really a serious threat?
Warnings about juice-jacking have been around for years, but not everyone is convinced that the threat is severe or actionable. In 2021, the Federal Communications Commission (FCC) issued a similar warning about the dangers of using public charging stations. Dirty USB ports can load software that can lock a device or steal passwords and other sensitive information while running in the background. In some instances, a hacker may plant a compromised cable in a power station. They hope an unsuspecting victim will use it.
In reality, this and other potential attack vectors all come down to your level of paranoia and how far down the rabbit hole you’re willing to go.
Is an attack like the one the FBI warned against plausible? Certainly. But even if you use your own charger, can you be sure that nobody has tampered with it or your charging cable? Did it come directly from your phone manufacturer, or was it purchased from a third-party accessory maker? What are your thoughts on public Wi-Fi hotspots, and how secure do you believe they are? And what about all the apps you have downloaded and the sites you visit?
The truth is that smartphones are susceptible to various attached and wireless attacks, many of which the general public probably hasn’t even considered. It comes down to risk versus reward, convenience versus privacy.