Airports, hotels, and other high traffic areas have begun to increasingly offer public USB power charging stations to give people a convenient means of recharging their favorite devices.
Unfortunately, things are not working out quite according to plan.
Naturally, hackers around the world have taken note, and regard such easily accessed terminals as juicy targets and low hanging fruit. According to a security alert published by the Los Angeles District Attorney’s office, many of these stations have been compromised, and using them could expose you to malware. This type of attack even has its own name: Juice Jacking.
In recent years, several proofs-of-concept have been created that demonstrate how these charging stations can be taken over by hackers and used to distribute malware to anyone foolish enough to plug into them. Of these, the worst of the lot was proudly displayed at the 2013 Black Hat security conference. In that case, it was a malicious charger that could deploy malware on any iOS device.
Just a handful of years later, in 2016, Samy Kamkar raised the bar with an Arduino-based device he dubbed “KeySweeper.” By all outward appearances, it was just a USB wall charger. However, it wirelessly and passively sniffed, decrypted, logged, and reported back all keystrokes from any Microsoft wireless keyboard in its vicinity.
While these two were the most prominent examples of the kinds of havoc hackers can cause on this front, there are many others. To try and get a handle on the problem, the LA District Attorney’s Office issued a security bulletin that recommended the following tips to all travelers:
- Use AC power outlets only, not USB charging stations
- Take AC and car chargers with you when traveling because you know and trust them
- Consider buying a portable charger for emergency use
Good advice. If you’re a frequent traveler, these tips are well worth incorporating into your travel preparation plans.