"Juice Jacking" Alert: FBI Warns Of Bad Public Charging Ports

April 11, 2024

The FBI has advised the public to avoid using public USB charging ports in places like airports and shopping centers. The warning follows reports of "bad actors" utilizing often-used public USB ports as an entry point for loading malware and spyware onto connected electronic devices.

The Bureau urged the public to carry their own chargers and USB cords and to utilize electrical outlets to charge their devices and not USB charging ports.

Cybersecurity experts have previously cautioned about the dangers of criminals loading malware onto public charging stations to gain unauthorized access to devices. https://ca.movies.yahoo.com/movies/fbi-warns-against-using-public-170616785.html (Mar. 07, 2024).

Commentary

As noted in the above source, the FBI has flagged an increase in internet scams that has led to Americans losing $10.3B. "Juice jacking" is just one of the many crimes that has led to the billions lost.

Juice jacking involves modifying public USB charging stations with hardware or software that can install malware on devices once a user is connected.

Basically, a criminal accesses the charging station (how this is done without being spotted is a logical question) and integrates malicious software or hardware. This means the criminal actually opens the station and inserts a device that intercepts and/or modifies USB data lines or remotely installs malware if the station is part of a connected system accessible via the Internet.

When an unsuspecting user plugs a device in to charge the software, the malware activates. Because USB cables carry power and data, the malware can be transmitted alongside the electricity.

The malware is then installed and can be done so without consent of the user. Most operating software assumes USB connections are safe so no consent is required - zero warning or even hint of risk.

Once in, criminals can then execute a variety of malicious functions. This could include stealing personal data such as passwords, banking information, contacts, and emails, or installing further malicious applications or hijack the device for other purposes.

The good news is the fix is simple.

Do not use public USB charging ports. Instead use electrical outlets (which do not carry data) or charge your device using your own portable battery instead of a public port.  If that doesn't work for you, consider purchasing USB cables that only conduct power and do not transmit or accept data.

 

Finally, your opinion is important to us. Please complete the opinion survey:

Product

Articles

Ask Jack: Are Malicious Pop-Ups A Serious Cyber Threat?

Malicious pop-ups are making a comeback. Jack explains why you don't have to panic.

Alleged Breach Of State Medical Waste Regulations Leads To Multi-Million Loss

Federal agencies and state law govern the disposal of hazardous waste, medical waste, patient information, and more. One testing group will pay a hefty settlement. We examine.

RiskTrends™ Podcast: Could The New California Anti-Violence Law Be The Future?

In a new podcast, McCalmon attorneys discuss a new California law that requires most employers make a customized plan by July 01, 2024, to curb workplace violence.

Better To Audit Sooner Than Later To Prevent Catastrophic Theft Loss

A former school district tax collector diverted a school district's tax payments into her account. Learn prevention steps.

Is Force Needed To Get Employees Back To The Office? You Make The Call

Many employers have become more punitive in requiring employees to work in-office at least some days. Has your organization? You make the call and join the conversation.