Public USB ports have become increasingly common in recent years, as the number of mobile devices has proliferated. But while battery power can often dwindle annoyingly while you’re in a public place, using these USB ports could be riskier than you think.
Public USB ports
The LA County District Attorney’s office has this week issued a warning that public USB ports represent security concerns for mobile users. In fact, the dangers of public USB ports have already been publicized, but this prominent warning will raise the profile of the issue once more.
As the LA County DA noted, public USB ports are vulnerable to hacking, meaning that they can install malware on to a phone or other mobile device, without the user realizing that there is a problem.
This technique of targeting public USB ports is referred to as juice-jacking in the hacking community, and could result in a significant amount of your data being stolen. Hackers can gain access to passwords and personal information, and thus untold damage can be done to both your identity and personal finances if your fall victim to a juice-jacker.
So if you do absolutely have to use a public USB port, it is advisable to take certain precautionary measures. The best way to ensure that no malware is downloaded is to disable port access to data on your device. Many devices will automatically prompt you to state whether or not you trust the device in question when you connect to a foreign USB charging port.
And there are other options available as well. It is perfectly possible to plug your phone into a tablet or laptop, and then plug your own device into an AC outlet. This will charge your device perfectly adequately, without making it vulnerable to malware.
Portable batteries are also worth investing in, as these can prevent the need for recharging in the first place.
USB power charging stations may seem completely benign, but reports of cybercriminals learning how to tap into USB connections have emerged over the last few years. This has enabled some of the world’s most talented hackers to deliver malicious payloads to unsuspecting mobile users.
Black hat demonstrations
Indeed, such attacks have been demonstrated at Black Hat security conferences, and the techniques available to parties have clearly advanced since the concept was first introduced in 2013.
The LA District Attorney’s warning, entitled “USB Charger Scam”, provides detailed information on the various ways that criminals can use public USB ports in order to infect mobile devices. The guidance from the LA County DA reads: “Travelers should avoid using public USB power charging stations in airports, hotels and other locations because they may contain dangerous malware…The malware may lock the device or export data and passwords directly to the scammer.”
Recent estimates on cybercrime suggest that this growing nefarious activity may cost the planet as much as $6 trillion by the end of 2021.