The days of mobile phone batteries that lasted for days ended with the move to smartphones — and now even the most cautious of us have one eye on the battery metre at all times.
Any opportunity to top up is welcome, but the FBI’s Denver office has tweeted a warning to smartphone owners to avoid using free public charging stations. It says there’s a risk of your phone getting more than just a boost to the battery.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIDenver) April 6, 2023
“Avoid using free charging stations in airports, hotels or shopping centres,” the tweet reads. “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.
“Carry your own charger and USB cord and use an electrical outlet instead.”
The theoretical risk of public chargers passing malware to devices has been known for over a decade. Dubbed “juice jacking” by security researcher Brian Krebs all the way back in 2011, it works because phones are designed to accept both power and data via the charging port. In other words, if it’s not your cable, you don’t know what surprises it might supply.
Jake Moore, Global Cybersecurity Advisor at ESET, says the risk from such attacks is “extremely low”, but that’s no reason not to take extra precautions.
“I just recommend people get into a habit of having a charger on them whenever they go out for a long period of time,” he tells the Evening Standard.
“When charging cables are plugged into a device, they are usually asked whether or not the user trusts it, but most people have created a habit to simply click ‘trust’. Special malware abuses this and can be designed to access all personal data on a phone and extract it including contacts, photos, messages and even control the camera.”
And anyone believing that their use of the Apple iPhone and its closed ecosystem protects them from such attacks should think again, Moore says.
“In the past, Android phones have been more frequently targeted in these types of attacks, but any phone or tablet has the potential of being attacked, especially if there is a vulnerability that hasn’t been patched,” he says. “It therefore remains safer to use your own charging cable as you can be sure it won’t have been tampered with.”
It’s not the first time the FBI has warned people to amend their behaviour with technology. In December, the agency advocated computer users adopt ad-blockers as a defence against scam adverts linking to malicious content.