FBI says stop using free public charging ports – here’s why and what you should use instead
The US domestic intelligence and security service said hackers “have figured out” how to use them to infect devices with malware and other monitoring software.
“Carry your own charger and USB cord and use an electrical outlet instead,” said its Denver branch.
The tweet was timed for the Easter weekend, when many Americans travelled to see friends and family, but is not believed to have related to a specific increase in the threat level.
But just how careful should you be about charging your phone while out and about? And how should you stay safe while keeping your device powered up?
Sky News sought out some advice.
How are public charging points dangerous?
Cybersecurity experts speak of two main methods of “jacking” that target those using public USB ports.
The first is “juice jacking”, which sees criminals load malware on to public charging stations to maliciously access devices while they are being charged.
This malicious software might then be used to steal account credentials, financial information and other details.
Another is “video jacking”, where equipment hidden in a compromised charging point records footage of everything happening on a device while it’s plugged in – from entering passwords to writing emails.
Muhammad Yahya Patel, lead security engineer at Check Point, told Sky News these public charging stations were rarely checked for signs of tampering.
“That’s what criminals are tapping into and relying on,” he said, “so it’s really important to be aware – and yes, it’s definitely good advice to avoid public USB charging ports altogether.”
What about regular plug points?
While USB ports are increasingly a fixture of public charging stations, regular plug points are a much safer bet.
That’s because USB cables are designed for data sharing as well as powering up a device – it’s why most phones should prompt you with a “do you want to trust this device?” message when you plug in via USB.
Mr Patel said it was “extremely unlikely and difficult” to perform a malware attack via a normal three-pin socket, which only provide power.
The same applies to devices like tablets, laptops, and portable games consoles, which increasingly are adopting the same USB-C charging standard.
What else can I do to stay safe?
If you can afford to bring some extra tech with you while on the move, there are some safer options for keeping your devices charged.
Power banks and battery packs are becoming increasingly portable and affordable.
The FBI has recommended that people travel with a charging-only cable, which would prevent any data from being received or sent while charging.
Mr Patel said data-blocking cable add-ons can essentially apply the same buffer to any other cable – they are essentially adapters that look a bit like retro USB thumb sticks.
“You could also have some additional protection just by keeping your device locked while plugged in,” he added.
Are the risks going to increase?
While the FBI’s tweet was a standard public service announcement, experts have warned that cyber criminals are becoming more and more adept at targeting our data.
Mr Patel said the potential rewards for any hacker were only getting greater as more of us siphon off more of our personal and work lives on to our devices.
“We’re seeing blurred lines now with a lot of people using their personal device for work purposes, or even have a separate work phone, and so there’s that additional risk to businesses,” he said.
“If data is captured from that device, that might be a risk to the organisation you work for as well as your own data, which is why it’s important that people are well aware.
“Don’t plug in if you don’t know or trust where it’s come from.”