You are here

HomeJohn Lister › 'Juice Jacking' Warnings May Be Overblown

'Juice Jacking' Warnings May Be Overblown

John Lister's picture
by John Lister on May, 5 2023 at 01:05PM EDT

An FBI branch has warned people not to use free USB charging points as they could spread malware. The agency says it's safer to use a charger plug and power outlet. However, the FCC notes that while such attacks are technically possible, there's no evidence of it actually happening.

The FBI Denver Officer posted on Twitter: "Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead."

The fear in this case is about so-called "juice jacking". That's a term that's been around for more than a decade, with security writer Brian Krebs claiming credit for the phrase. (Source: krebsonsecurity.com)

2011 Warning

The theory is that an attacker could tamper with (or replace) a USB port to install malware on a phone. However, it's unclear if the FBI advice is based on anything changing in the hacking community's capability. Instead, it may simply be repeating warnings following security conference demonstrations many years ago.

The vulnerabilities exposed by those demonstrations have largely been countered by changes to major phone operating systems. Most phones will now, when connected through a USB cable, run in a charging-only mode by default. Users will need to explicitly choose an option to transfer data or allow remote access to the handset.

While the risk level of connecting to public USB ports is at worst uncertain, there are still a few options for people who want to minimize whatever risk does exist. One, as suggested by the FBI, is to carry a charging plug and connect to AC power. Others include carrying a power bank or switching a device off before connecting to a USB charger. (Source: fcc.gov)

USB 'Condoms' Available

It's also possible to buy USB cables that only carry power and cannot transmit data, though that's not exactly an efficient use of space in your pocket or bag. Another option is to carry a normal USB cable but also buy a USB data blocker.

This is a small device that plugs on to the end of a USB cable and disables the data pathways, thereby turning it into a power-only cable. The design, and the fact it's meant to block nasty things spreading, has earned it the nickname "USB condom."

What's Your Opinion?

Do you put much stock in warnings about "juice jacking"? Would you happily plug your phone into a USB charging port? Do you take any measures to protect against potential attacks?

Filed under:
Security
| Tags:
usb cable
,
charging
,
fbi
,
usb condom
,
data blocker
,
public charging
Rate this article: 
Average: 5 (5 votes)

Comments

matt_2058's picture

Submitted by matt_2058 on Fri, 05/05/2023 - 20:06

This says it all...

"The FBI Denver Officer posted on Twitter: "Avoid using free charging..."

Not to say it's not a threat or can't be done, but if it were that serious, wouldn't you think the FBI would make an announcement from it's HQ instead of a single officer cautioning through Twitter alone?

Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.