Don't use public USB charging ports

News
By last updated

New warning about “juice jacking” attacks will make you reconsider how you charge your devices in public

(Image credit: Shutterstock)

In a recent security alert, the Los Angeles District Attorney has warned travelers to avoid charging their smartphones and other devices using public USB power charging stations as they may contain dangerous malware.

USB was designed to transfer both power and data and security researchers as well as cybercriminals have learned how to use USB connections to deliver malicious payloads to users who thought they were merely charging their devices.

Over the past few years, several proofs of concepts were created with the most notorious being Mactans, which was unveiled at the Black Hat security conference back in 2013. While the device may look like an ordinary USB wall charger, it actually has the capability to deploy malware on iOS devices.

In 2016, security researcher Samy Kamkar improved on the idea further and created an Arduino-based device called KeySweeper. The device resembled a USB wall charger and it could provide power to smartphones but it also used a wireless connection to passively sniff, decrypt and log all keystrokes from any Microsoft wireless keyboards within its range.

Malware in plain sight

The LA District Attorney's warning titled “USB Charger Scam” provided consumers information on all of the different ways criminals can use USB wall chargers and even USB cables to infect their devices.

Pluggable USB wall chargers are the most common way that consumers can fall victim to a “juice jacking” attack as a criminal could easily leave behind a malicious charger at a public place such as an airport or hotel. However, criminals now also have the capability to load malware onto public charging stations which means that public USB ports also pose a security risk.

In the same way that a charger can 'accidentally' be left behind, so too can USB cables and the O.MG Cable, which was revealed at this year's DefCon cybersecurity conference, is a recent example of how malware can now be hidden inside a USB cable itself.

To avoid falling victim to a “juice jacking” attack, LA officials recommend that travelers use AC power outlets instead of USB charging stations and that they bring their own chargers when traveling. While traveling can certainly be fun, it is also the time that consumers are most likely to fall victim to a scam or even a cyberattack.

Via ZDNet

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Avast cybersecurity
UK cybersecurity sector could be worth £13bn, research shows
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
Latest in News
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'
More about security
ThreatLocker CEO Danny Jenkins speaking at ZTW25

“It’s made our jobs harder, not easier” - ThreatLocker CEO Danny Jenkins on AI
China

Chinese hackers targeting Juniper Networks routers, so patch now
HeyGen

What is HeyGen? Everything we know about the AI video platform
See more latest
Most Popular
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Mac Studio on a desk
I compared Apple's Mac Studio M3 Ultra with 10 Windows workstations and I am truly shocked by what I found
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
China
Chinese hackers targeting Juniper Networks routers, so patch now
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Bolt Zeus 2c26-032 PCIe card
This GPU vendor I've never heard of claims its card is 10x faster than an Nvidia RTX 5090 at real time path tracing
Google Meet create custom backgrounds
More AI features are coming to Google Workspace
A mockup of the possible Apple M3 Ultra logo
Performance isn't the only reason you should buy Apple's M3 Ultra Mac Studio - it's reportedly one of the most power-efficient processors too
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try