The FBI is cautioning consumers about the potential risks associated with using public phone charging stations, urging them to avoid such stations to prevent exposure to malicious software.
Public USB stations, commonly found in places like malls and airports, are being exploited by malicious actors to disseminate malware and monitoring software, as highlighted in a recent tweet from the FBI’s Denver branch. While the agency did not provide specific examples, it strongly recommended individuals carry their own charger and USB cord and opt for using electrical outlets instead.
Despite the convenience of public charging stations, security experts have long expressed concerns about the associated risks. The term “juice jacking” was coined in 2011 to describe the threat of compromising devices by plugging them into compromised power strips or chargers.
Drew Paik, formerly of security firm Authentic8, explained in a 2017 CNN interview that the same cord used for charging also facilitates data transfer between the phone and other devices. If a port is compromised, a hacker could potentially access various types of sensitive information, including emails, text messages, photos, and contacts.
Vikki Migoya, public affairs officer at the FBI’s Denver branch, emphasized that the warning serves as a general reminder for the American public to remain vigilant, especially while traveling. The Federal Communications Commission (FCC) also updated a blog post, cautioning that a corrupted charging port could enable a malicious actor to lock a device or extract personal data and passwords. The FCC even noted instances where criminals intentionally left infected cables at charging stations, and there were reports of such cables being distributed as promotional gifts.