Holiday travelers should exercise caution when they use USB charging stations.
The Los Angeles District Attorney’s office recently issued a warning about the dangers of USB charging stations in public places, including airports and hotels. While the office said they had not received any complaints about incidents regarding the chargers, they warned that they could be used to spread malicious software to smartphones.
While the warning was issued in Los Angeles, the precautions advised are good practice for travelers from all parts of the world.
Modern phones use USB cables to transfer both power and information, charging the phone while also allowing it to synchronize with a recognized computer. While convenient for everyday use, this design could also allow non-recognized systems to potentially upload malicious code to a smartphone.
The concept for this type of hacking, called “juice jacking,” was first announced in 2013 after hackers at a security conference created a USB wall charger that could upload malware to iOS devices, such as iPhones. Over years, more advanced techniques were devised that could log keystrokes on laptops, or even capture video of phone screens while they were in use.
There are ways to protect your information from such hacking, should it be attempted. The LA District Attorney’s Office said the easiest way to avoid using pluggable charging devices found in public places. Such devices, which include both adapters and cables, could be modified by criminals and planted in hopes that a traveller would pick it up and use it.
Travelers should avoid using public USB charging stations, instead using AC outlets with only charging devices you own. In addition, some companies sell “no-data transfer” USB cables which only allow power – not information – to travel from a charger to a phone. Adaptors are also available to provide a stopgap between chargers and devices.
While authorities have warned of the possible threat of “juice jacking,” to date no instances of the crime have been recorded in the real world. Nevertheless, precautions such as the ones suggested here are considered good practice to protect personal data from theft.