The Federal Bureau of Investigation (FBI) has recently issued a cautionary message to consumers, advising against the use of public phone charging stations due to the potential risk of malware infections. The FBI’s Denver branch highlighted this issue in a recent tweet, indicating that cybercriminals have been exploiting public USB ports, such as those found in shopping centres and airports, to disseminate harmful software and spyware. The FBI, however, did not provide any specific instances to illustrate this concern.
In the tweet, the FBI urged consumers to carry personal chargers and USB cords, and to opt for electrical outlets instead of public charging stations. This advice comes as a response to the increasing reliance on these public facilities, particularly when devices are running low on battery power.
Security experts have been voicing concerns about this potential risk for several years. In fact, the term “juice jacking” was introduced in 2011 to describe this specific type of cyber threat. Drew Paik, who previously worked at security firm Authentic8, explained the concept to CNN in 2017. He stated that merely connecting your phone to a compromised power strip or charger could infect your device, jeopardizing all your data.
The charging cord used for your phone also serves as a conduit for data transfer between your phone and other devices. For example, when you connect your iPhone to your Mac using the charging cord, you can transfer photos from your phone to your computer. If a USB port is compromised, a hacker could potentially gain unrestricted access to your data, including your emails, text messages, photos, and contacts, as Paik further elaborated to CNN.
Vikki Migoya, the public affairs officer at the FBI’s Denver branch, communicated to CNN that the FBI routinely issues reminders and public service announcements in partnership with other organizations. According to Migoya, this particular warning was intended to encourage the general public in the United States to remain vigilant and safe, particularly while travelling.
The Federal Communications Commission (FCC) also echoed this warning in an updated blog post. It pointed out that a corrupted charging port could provide an opportunity for a malicious actor to either lock a device or extract personal data and passwords. The FCC blog post further warned that in some instances, criminals may deliberately leave cables plugged into charging stations. There have even been reported cases of infected cables being distributed as promotional gifts.