Travelers are advised to avoid using public USB power charging stations in airports, hotels, and other locations because they may contain dangerous malware, the Los Angeles District Attorney said in a security alert published last week.
USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two. As smartphones became more popular in the past decade, security researchers figured out they could abuse USB connections that a user might think was only transferring electrical power to hide and deliver secret data payloads.
This type of attack received its own name, as “juice jacking.”
ZDNet has covered the story here: https://www.zdnet.com/
Smartphones and tablets are wonderful devices and people rely on them for email, pictures or social media.Plugging into a public charger that has been compromised by attackers can lead to data can be stolen without the person\’s knowledge. This potentially can lead to identity theft, spear phishing attacks and damage to your personal reputation.
Using a portable charger reduces the risk of losing your data while still keeping your device charged. The cost of a portable charger is far less than the cost of losing your identity, personal pictures or your reputation by using a public charging station.
Add a portable charger to your diaper bags, backpacks or your travel bags to avoid unnecessary use of a public charger. People need to be their own human firewalls for their smartphones and avoid the public chargers by carrying a portable charger.
The risks associated with public USB charging ports has been known for some time. Although, there is no real evidence to suggest it is a likely attack method beyond a proof of concept. For many criminals, tampering with a public charging port can be a risky proposition which is not worth the effort. Setting up a malicious wifi hotspot is a far more effective way to intercept traffic in public places.
At most the compromising of USB ports may be a tactic used to target specific individuals, executives, or politicians. But for that group of people, there should already be countermeasures already in place for a broad range of attacks.
For people that are worried about this kind of attack, an alternative could be to use public USB charging ports to only charge an external battery pack, and then use that to charge their device so that the device is never directly connected to the USB port.