USB Charging at Public Stations Carries Serious Risk to Device Security: FBI
The Federal Bureau of Investigation has advised users to refrain from using free electric charging plugs at airports, bus stops, shopping centers, and hotels due to the increasing risk of juice-jacking attacks.
Juice-jacking refers to a security attack where threat actors load malware onto publicly available USB-based charging stations through which they can access connected electronic devices as they are being charged. Hackers can also exfiltrate device data (including sensitive information such as cache, passwords, images, etc.), track keystrokes, and lock the device, among other malicious stuff.
“Don’t let a free USB charge wind up draining your bank account,” the Federal Communications Commission (FCC) warned in an advisory dated October 2021. “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead,” the FBI’s Denver office tweeted.
See More: Malware Distribution via YouTube Videos Up 300%
Not only is a cyberattack possible from a USB outlet, but it can also be perpetrated through a malicious cable deliberately left near the charging station to be used by an unsuspecting victim.
The most straightforward workaround for juice-jacking is to avoid plugging your device into a USB charging station and use a charger in an AC power outlet. Users can also carry a portable charger or external battery during their travels, stays, commutes, etc.
In an emergency, users can leverage a charging-only cable with a USB data blocker, prohibiting data transfers while charging.
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!
Image source: Shutterstock
MORE ON CYBERSECURITY
