Public charging stations are everywhere now. You can plug in your smartphone, tablet or other electronic device to charge its batteries. But even though these stations look safe, the FBI recently released a warning cautioning users about using them. “Avoid using free charging stations in airports, hotels or shopping centers,” the Bureau said on Twitter recently. “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.” The tweet came from the FBI’s Denver office, which didn’t identify any recent incidents that could have prompted the warning, saying it was just a regular reminder.
Hackers have developed a way to steal or compromise people’s personal data through the USB ports in public charging stations. This type of attack has been called “Juice jacking,” and though it doesn’t seem to be very common it’s important to know the risks of plugging your devices on these stations, and how to avoid being “jacked.”
What is Juice jacking?
Juice jacking is a type of cyberattack in which a hacker manages to steal data from a smartphone, tablet or other electronic devices while it’s being charged in a public charging station. The hackers manipulate the USB charging port, which can transfer data besides charging the device. That way they can install malware on the device, lock it or steal personal data, and other sensitive information, such as passwords, credit card information, or contacts, which are sent to the perpetrator. After that, they can use it to access online accounts or sell it to other bad actors.
With the rising popularity of public charging stations which are now found in airports, shopping malls, and train stations, more people are at risk of being a victim of a cyberattack of this kind. The hackers alter the charging station and disguise it as a legitimate one, which makes it difficult for users to detect the risk. Many may know the risk but still charge their phone out of necessity. In some cases, criminals leave cables at the stations, or some may even give infected cables as a promotional gift, according to a consumer warning made by the FCC in 2021.
How to prevent it?
The FCC gave some recommendations to avoid becoming a juice jacking victim:
Do not use USB charging stations
The best way to prevent juice jacking is not using public charging stations, and use an AC power outlet instead. The problem is that some smartphones are sold without an AC power adapter, and they could be expensive, which makes some people stick to USB charging. Also, some power stations may not have AC power outlets.
Use your own AC, car chargers and USB cables
When you are traveling, make sure to bring your own cables and adapters, and never use one that’s not yours. As the FCC points out, some hackers give away manipulated cables or leave them at stations. It may seem easy to just plug our devices on them, but there’s a strong risk of being hacked.
Use a portable charger or external battery
External and portable batteries are everywhere now, and they’re useful for people who use their smartphones for several hours. It’s an extra expense, but it’s a safe way to avoid being “juiced.”
Use a charging-only cable
USB ports have the capacity to charge the device battery and transfer data. There are charging-only cables that prevent data from sending or receiving while charging. Get one from a trusted supplier and use it when you want to use a public charging station.
There are devices nicknamed “USB condoms.” They are Data Blockers and work similarly to charging-only cables. Most of them are small adapters in which you plug in your cable, and then you connect them to a USB port, without the risk of having your data stolen. It’s important to acquire these devices through a trusted supplier, because they can also be manipulated and used for hacking your smartphone, tablet, or others.
Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition