The FBI is alerting consumers not to use public charging stations, warning that fraudsters could infect such machines with malware and steal their data.
In the newly released warnings, bureau officials cautioned customers to avoid using public USB charging ports in airports, malls and hotels, noting that hackers could use the opportunity to access a person’s phone or tablet.
“Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software on to devices,” the FBI’s Denver office said on Twitter recently.
The practice known as “juice jacking” was first coined in 2011 after researchers created a charging station to show the potential for hacking at such kiosks, the Washington Post reported.
The FBI and Federal Communications Commission (FCC) released similar warnings with the term in 2021.
When asked about the more recent updates, officials told Axios that the announcements were apart of a regular reminder on the issue.
It’s not clear how common “juice jacking” is, with few instances of the malware theft tactic reported publicly.
But experts have warned that complete access to a person’s phone through “juice jacking” could mean hackers having access to personal data, including credit card information.
Such data could inevitably be sold to other bad actors.
“Don’t let a free USB charge wind up draining your bank account,” the FCC website warns.
Customers have been encouraged to bring their own USB cord and plug into an electrical outlet or a portable charger.
USB-C cables and wireless chargers have also been credited as more secure options.
If someone has to use a public USB charging port, experts have said to look out for signs that a person’s phone could be tampered with, including the phone’s battery dying more quickly, overheating and changed settings.
But, overall, experts have encouraged consumers to think of their phone like a credit card and take similar protective measures.
“You don’t just go anywhere and start plopping your debit card in,” the executive director of the Cybersecurity Center at California State University at San Bernardino, Tony Coulson, said to the Post.