"Juice Jacking" Alert: FBI Warns Of Bad Public Charging Ports

April 11, 2024

The FBI has advised the public to avoid using public USB charging ports in places like airports and shopping centers. The warning follows reports of "bad actors" utilizing often-used public USB ports as an entry point for loading malware and spyware onto connected electronic devices.

The Bureau urged the public to carry their own chargers and USB cords and to utilize electrical outlets to charge their devices and not USB charging ports.

Cybersecurity experts have previously cautioned about the dangers of criminals loading malware onto public charging stations to gain unauthorized access to devices. https://ca.movies.yahoo.com/movies/fbi-warns-against-using-public-170616785.html (Mar. 07, 2024).

Commentary

As noted in the above source, the FBI has flagged an increase in internet scams that has led to Americans losing $10.3B. "Juice jacking" is just one of the many crimes that has led to the billions lost.

Juice jacking involves modifying public USB charging stations with hardware or software that can install malware on devices once a user is connected.

Basically, a criminal accesses the charging station (how this is done without being spotted is a logical question) and integrates malicious software or hardware. This means the criminal actually opens the station and inserts a device that intercepts and/or modifies USB data lines or remotely installs malware if the station is part of a connected system accessible via the Internet.

When an unsuspecting user plugs a device in to charge the software, the malware activates. Because USB cables carry power and data, the malware can be transmitted alongside the electricity.

The malware is then installed and can be done so without consent of the user. Most operating software assumes USB connections are safe so no consent is required - zero warning or even hint of risk.

Once in, criminals can then execute a variety of malicious functions. This could include stealing personal data such as passwords, banking information, contacts, and emails, or installing further malicious applications or hijack the device for other purposes.

The good news is the fix is simple.

Do not use public USB charging ports. Instead use electrical outlets (which do not carry data) or charge your device using your own portable battery instead of a public port.  If that doesn't work for you, consider purchasing USB cables that only conduct power and do not transmit or accept data.

 

Finally, your opinion is important to us. Please complete the opinion survey:

News

New Fax Number for Best Practice Help Line

The fax line for Best Practice Help Line consultation requests is now 918-712-5965.

Ask Jack: Is AI A Threat. . . Now?

For months, experts have predicted that artificial intelligence (AI) will change the cyber defense landscape. Jack details a report that states it is now here.

Data Compliance Audit: A Double-Edge Sword When Defending Data Security Claims

A new report claims a surge in ransomware attacks. Compliance audits are necessary to limit risk, but there is a dark side to audits if organizations are not ready to comply.

"Juice Jacking" Alert: FBI Warns Of Bad Public Charging Ports

In an unusual move, the FBI warns the general public to stay clear of public USB charging ports. We explain why "juice jacking" is a threat.