The FBI is now advising travelers to avoid using public charging ports in airports, shopping centers, and other public locations for their mobile devices because of potential cyberthreats. On April 6, 2023, the FBI’s Denver office issued the following statement in a tweet: “Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead.”
This type of cyberattack vector is known as “juice jacking,” where threat actors gain access to mobile devices via a USB charging cable plugged into your mobile device while traveling and using third-party charging stations located in high-travel areas like airports and hotels. This attack vector concept was demonstrated over a decade ago in Las Vegas during the Black Hat/DEFCON hacking conference. This type of attack, if successful, could introduce malware onto your mobile device and steal the data stored on your mobile device (such as contacts, credit cards, and other sensitive data) or allow monitoring software to be installed on mobile devices through these public USB ports.
After this conference, Apple (iOS)1 and Google (Android)2 both implemented the “Trust or Not” pop-ups into both iOS and Android operating systems. See below:
Source: apple.com
These changes to both Apple’s iOS3 and Google’s Android OS4 have stopped the juice jacking threats in their tracks. The real risk would be if you “Trusted” a charging station that presents your phone with this type of pop-up, which would be the first sign you should unplug your phone from that specific charging station too. If presented with an options pop-up, you should select “charge only.”
How to Protect Your Data
While there have not been any reports of this happening in the wild, it’s good cybersecurity hygiene to be self-sufficient when traveling in regard to mobile device power needs. The need for your mobile device(s) to be constantly charged weighs heavily on every traveler. We recommend investing in a portable power bank to use while traveling. Owning a personal power bank will allow you to recharge your mobile devices while traveling, eliminating the need to find a place in an area like a crowded airport where ports may be in full use.
Using your power bank also will allow you to be self-sufficient while practicing good cyber hygiene. If you don’t have a power bank, use electrical outlets to plug in your equipment and charge your devices. You also could invest in a USB power-only cord for an added security protection layer should you need to use a USB power station located in a public area.
Our cybersecurity team is here to help keep you in the know. If you have any questions or need assistance, please reach out to a professional at Forvis Mazars or submit the Contact Us form.
- 1“About the ‘Trust This Computer’ Alert Message on Your iPhone, iPad, or iPod Touch,” support.apple.com, 2023
- 2“How Do I Keep Files From Transferring From My Tablet to My Laptop (and Vice Versa) if All I Want to Do Is Use the USB Port to Charge My Phone?”, quora.com
- 3“Apple Fixing Bug That Allows Fake Charging Stations to Hack iPhones,” reuters.com, July 31, 2013
- 4“New Android 4.2.2 Feature: USB Debug Whitelist Prevents ADB-Savvy Thieves From Stealing Your Data (in Some Situations),” androidpolice.com, February 12, 2013