Most people would rather their spouse get sucked out of an airplane window after an engine exploded and obliterated the glass than have their phone die when they’re traveling. That’s why so many people are lining up like hogs at a trough whenever there is a phone charging station at the airport. While the airport phone charges can supply you have enough juice to squeeze out four more tweets about how much you hated the Game of Thrones finally, it also could put your personal information in jeopardy.
Those USB power charging stations at the airport can be hacked so that they steal data from phones using it to charge. In a tech theft called “juice jacking,” cybercriminals can reportedly use the USB plugs to download your data and install malware without you knowing.
“Plugging into a public USB port is kind of like finding a toothbrush on the side of the road and deciding to stick it in your mouth,” Caleb Barlow, Vice President of X-Force Threat Intelligence at IBM Security told Forbes. “You have no idea where that thing has been. And remember that USB port can pass data.” So you’re not supposed to use toothbrushes you find on the side of the road?
Security experts suggest that you avoid any public charging stations completely and utilize a portable battery pack or power bank to recharge your smartphone. But if you insist on using public charging stations, experts suggest using a Juice-Jack Defender. This device prevents data exchange through the USB cable by blocking access to the data pins and only exchanging power and not data. The dongle costs as low as $7.
Barlow also warned that you should never use phone accessories that you find in public. Apparently, hackers are purposely leaving around phone accessories such as chargers and USB sticks that have malware built into the charger.
“Let’s say I’m a bad guy. I go into an airport. I’m not going to easily take apart the charging station but it’s easy to just leave my cord behind,” Barlow explained. “Now, if you see an Apple charging cord, you’re likely to grab it or just plug into it. But inside this cord is an extra chip that deploys the malware, so it charges your phone but now I own your computer.”
Barlow said that corporate hackers could use this strategy as a trojan horse to infiltrate a corporation’s computers and steal business secrets. “A lot of companies now are banning the use of USB storage devices because at the end of the day they’re dangerous,” Barlow revealed. “If you want to get into a company, go buy a couple hundred USB sticks and cast them around in places where you know company will go. Guaranteed, one of them will get plugged into a company laptop.”
So there you go, never stick someone else’s dongle into your slot or you might get infected.