The FBI is warning people not to use public phone charging stations as hackers have been taking advantage of the situation to infect connected devices with malware.
“Avoid using free charging stations in airports, hotels or shopping centers,” said FBI Denver in an April 6 Twitter post. “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead.”
Malware is software designed to gain unauthorized access to devices like mobile phones and laptops. Once hackers gain access, they can manipulate the device’s tools and apps for their own personal gain or disrupting the original user’s life. Criminals can track keystrokes, get a hold of personal information, and commit identity fraud, as well as use financial information to steal funds, among other activities.
When bad actors use dirty USBs at public charging stations to infect devices with malware, it is known as “juice jacking.” At present, many malls, airports and public convenience stations have charging stations which are used regularly by commuters. The federal agency has recommended consumers to carry their own USB cables and charging plugs, and use AC electrical outlets.
The Federal Communications Commission (FCC) has also advised consumers against the dangers of public USB charging stations.
Charging devices at public places could have “unfortunate consequences,” said the FCC in an advisory.
“Cybersecurity experts have warned that criminals can load malware onto public USB charging stations to maliciously access electronic devices while they are being charged. Malware installed through a dirty USB port can lock a device or export personal data and passwords directly to the perpetrator. Criminals can use that information to access online accounts or sell it to other bad actors,” the FCC said.
“In some cases, criminals have left cables plugged in at the stations. Fraudsters may even give you infected cables as a promotional gift,” said the statement.
For a majority of devices, including Android and Apple, the power supply and data transfer pass through the same cable. When the mobile device connects to the charging cable, it pairs with the device and establishes a trusted relationship, which applies to data transfer. During the charging process, hackers open a pathway into the device, using the USB connection, which they subsequently exploit.
During peak travel seasons, officials generally issue the guidance to avoid using public charging stations. With the proliferation of recent hacking attempts, the advisory has only increased in relevance.
Many people assume that charging for a few seconds will not be a cause for concern. However, “crawling programs” can breach devices, search for essential information—like personal and financial data, credit card information, and bank details—and copy them to the hacker’s system within seconds.
Other types of malicious software can clone the entire device. Cybercriminals use this data or sell it on the dark web for profit. The data can also be used by other bad actors for social engineering campaigns and other purposes.
Hackers can do this all at once or gradually over time. The device’s original user might not even realize their phone or laptop is infected. After the malware is installed, the hacker can track the GPS, observe financial transactions, gather gallery data such as photos and videos, maintain call logs, and monitor social media interactions.
In short, the hackers will have everything to impersonate the individual.
Once the malware is installed, hackers can control the devices and install ransomware. In this scenario, the user needs to pay money in order to regain access to their device, and hackers can use one device to gain access to other connected devices.
Some of the telltale signs which indicate that a device is infected with malware are if the device consumes more battery life than usual, operates at a slower speed, takes much longer to load, and crashes frequently from abnormal data usage.
Always keep the device updated with the latest software as operating system providers include the latest patches for any bugs with each update. Use electrical sockets to charge phones, tablets and laptops, and people who need to use their phones constantly should carry around a suitable portable power bank.