Smartphone batteries are bigger than ever but we spend enough time on any of them that the opportunity for a quick charge-up is something we rarely pass by. But maybe we should, at least when it comes to public charge stations. According to the FBI, they’re just plain dangerous.
It’s called “Juice Jacking,” a term coined by security expert Brian Krebs in 2011(opens in new tab), and refers to attackers hijacking charge stations in city streets, airports, and other public venues where people might casually stop and charge up one of the best smartphones. A decade later, the FBI’s Denver, Colorado, office sounded the alarm again in a tweet.
As the FBI notes, the attack can come from either the charge port or a cable that someone causally left behind.
The reason such attacks are so effective is that the USB-C, USB-3, and lighting ports are dual-purpose: they have pins for power and pins for data. When you plug your phone into a charger, it’s only using the charge pins. If you were to use a compromised charge station or cable, it might also be using the data pins. Those pins could be used to deliver a malware payload directly to your phone. After that, the infection could communicate with a hacker to track your keystrokes and even steal passwords and personal information.
While this proof of concept has been around for years, most famously used at a security conference in 2017(opens in new tab) to make a point, real-world reports of people’s handsets being hijacked after they used a public charging station are scant.
Even so, as we travel, it’s a good reminder to, well, not trust any old port. If you must use such a port, bring a cable that firmly locks out data access (it only features charge pins).
Alternatively, you can travel with a portable charger (and cable). Finally, we suggest traveling with your own charge adapter and cable and plugging your phone directly into a wall outlet, which only delivers electricity and not data.