"Juice Jacking" Alert: FBI Warns Of Bad Public Charging Ports

The FBI has advised the public to avoid using public USB charging ports in places like airports and shopping centers. The warning follows reports of "bad actors" utilizing often-used public USB ports as an entry point for loading malware and spyware onto connected electronic devices.

The Bureau urged the public to carry their own chargers and USB cords and to utilize electrical outlets to charge their devices and not USB charging ports.

Cybersecurity experts have previously cautioned about the dangers of criminals loading malware onto public charging stations to gain unauthorized access to devices. https://ca.movies.yahoo.com/movies/fbi-warns-against-using-public-170616785.html (Mar. 07, 2024).

Commentary

As noted in the above source, the FBI has flagged an increase in internet scams that has led to Americans losing $10.3B. "Juice jacking" is just one of the many crimes that has led to the billions lost.

Juice jacking involves modifying public USB charging stations with hardware or software that can install malware on devices once a user is connected.

Basically, a criminal accesses the charging station (how this is done without being spotted is a logical question) and integrates malicious software or hardware. This means the criminal actually opens the station and inserts a device that intercepts and/or modifies USB data lines or remotely installs malware if the station is part of a connected system accessible via the Internet.

When an unsuspecting user plugs a device in to charge the software, the malware activates. Because USB cables carry power and data, the malware can be transmitted alongside the electricity.

The malware is then installed and can be done so without consent of the user. Most operating software assumes USB connections are safe so no consent is required - zero warning or even hint of risk.

Once in, criminals can then execute a variety of malicious functions. This could include stealing personal data such as passwords, banking information, contacts, and emails, or installing further malicious applications or hijack the device for other purposes.

The good news is the fix is simple.

Do not use public USB charging ports. Instead use electrical outlets (which do not carry data) or charge your device using your own portable battery instead of a public port.  If that doesn't work for you, consider purchasing USB cables that only conduct power and do not transmit or accept data.

 

Finally, your opinion is important to us. Please complete the opinion survey:

What's New

IRS Warns HR And Payroll Departments About The "New Client" Scam

The IRS lists its "dirty dozen" of online scams series. The first involves the "new client" scam. Here is the warning.

Cybercriminals: Now Targeting Apple Users

Apple devices are emerging as a new target for cybercriminals who are using proven social engineering tricks. What steps can users take to limit their risk?

Ask Jack: Why Shouldn't I Use My Work Computer For Online Games?

Kids like to game on any device. Work devices are no exception. Jack explains why games should not be played on work devices.