We carry personal portable electronic devices all the time with us. Life without a smartphone is practically unthinkable these days. When you are planning to travel or be on the move for a long time, it is possible that at some point you will need to charge your devices. When your battery is running dangerously low and you do not have an option, it might be easy to simply plug into a free USB charging station like the ones found in airports, hospital lobbies, hotel lounges and the like. But, are you aware that this seemingly quick and innocent action can have far-reaching detrimental consequences? Data theft, malware injection, and juice jacking are yet new cyber-theft tactics that you may unwittingly fall victim to when you plug into a public USB charging station.
Cybersecurity experts are warning us that cybercriminals on the prowl can load malware onto public USB charging stations. While your electronic device is charging, they maliciously gain access to it. Malware that has been pre-installed corrupts the USB port and in turn, is capable of exporting personal data, including passwords to the perpetrator. It may also corrupt and lock your device. Cybercriminals who gain access to your personal information may use it with malicious intent or they may sell it to other bad actors.
Cybercriminals target unsuspecting travellers in this way. So, you should be vigilant and avoid using public USB charging stations. In this blog, we list out the risks and the best practices for using USB port charging stations.
Data theft refers to the act of stealing information that is stored on databases, devices, and servers. This form of theft is a significant risk for businesses of all sizes as well as individuals and can originate from several sources. The malicious theft of an individual’s (who may be a corporate employee as well) data usually occurs without the victims ever knowing about it, as a result of their accounts or personal devices being compromised by hackers. In this case, capitalising on insecure networks of public USB charging stations. Bad actors that gain access to systems can lurk inside networks, pretending to be legitimate users for a long till they are identified and eliminated. By remaining undetected as long as they can, they can gain additional access rights to increasingly sensitive datasets and pose a growing threat to unaware individuals and businesses.
Malware injection is a kind of cyberattack in which malicious software or viruses are injected into a legitimate software program, website, or database. Malware injection can be achieved through a variety of methods, such as command injection, file inclusion, SQL injection, and cross-site scripting (XSS). Malware injection attacks are usually difficult to detect and prevent as they often exploit vulnerabilities in software that are unknown to the victim. Once the malware has been injected, it can be used to achieve a variety of mala fide goals such as stealing or corrupting data, disrupting business operations, and executing arbitrary code on the victim’s system.
Juice Jacking
Juice jacking is a cyberattack in which a compromised public USB charging station transfers malware to, or steals personal information from a connected device. Juice jacking, also known as port jacking, is not limited only to cell phones. Any device capable of being charged via a USB plug can be compromised by this tactic. It is very possible for a cybercriminal to load malware into a charging station with a USB cord. The malware can then steal data, infect your phone with malware or totally disable your phone. Juice jacking also happens by plugging an infected cord into a charging station for someone to use.
Also read: 6 Stages of Cyberattack and Effective Cybersecurity Strategies
1. Use AC Power Outlets
When we use AC power outlets instead of USB charging stations, we avoid potential risks. When travelling, remember to pack AC chargers, car chargers, and your own USB cables. By relying on your own charging equipment, you completely eliminate the need to connect to potentially compromised public charging stations.
2. Carry your own Charger and Power Bank (External Battery)
Carrying an external battery, also known as a power bank, allows you to charge your devices without relying on public charging stations. These portable batteries are a convenient and secure way to keep your devices powered up while on the move.
3. Consider a Charging-Only Cable
A charging-only cable is a protective attachment that prevents data from being sent or received while your device is charging. These cables are designed to block connections to the data-transfer pins in the USB male connection ensuring only the power pins are utilised. This method protects your device from potential malware transmission while still allowing it to charge.
4. “Share Data” Prompts to be Avoided
When you plug your device into a USB port, you may encounter a prompt asking you to select “share data,” “trust this computer,” or “charge only.” Always choose the “charge only” option. This will prevent any data transfer between your device and the charging station. When you disable data sharing, you ensure that your device remains protected from potential malware transmission.
5. Be on your guard with Public Wi-Fi Networks
Public Wi-Fi networks can be another vulnerability that cybercriminals exploit to target travellers. Avoid connecting to unsecured networks. These be used to intercept your data or launch other types of attacks. If you must use public Wi-Fi, consider using a virtual private network (VPN). This will encrypt your internet traffic and protect your sensitive information.
6. Be Wary of Free Promotional Charging Devices
Are free promotional charging devices or cables from unverified sources being offered? Well, it is best to be cautious about them. These items may be compromised and connecting your device to them can result in security risk. Stick to trusted suppliers and reputable brands when purchasing charging equipment.
7. Always Keep Devices and Software Updated
Regularly updating your devices and software is crucial in maintaining their security. Manufacturers release updates to patch vulnerabilities and address security issues. By keeping your devices and software up-to-date, you ensure that they are armed with the latest security features and protections against emerging threats.
8. Avoid Using Leftover Chargers
Beware! Especially in public places, avoid using chargers that have been left plugged into outlets and unattended. There is a high chance that these chargers are compromised. Connecting your device to them exposes you to risk. It makes sense to always use your charging equipment or opt for reputable charging stations that have been vetted for security.
9. Spread Awareness. Educate Yourself, Family, Friends
Spread awareness about the risks of using public USB port charging stations. Keep educating family and friends on how to protect themselves. By sharing information, you can empower individuals to make informed decisions and avoid falling victim to this cyber threat. Encourage friends, family, and colleagues to follow the best practices outlined here.
10. Consider Using a USB Data Blocker
A USB data blocker is a protective device that blocks data transfer while allowing your device to charge. It is a film that acts as a barrier between your device’s charging cable and the public USB charging station, preventing any potential malware transmission. It ensures that only power is transferred, keeping your device secure.
Public USB port charging stations can be both a friend and a foe. On the one hand, they offer convenient power for devices when you're on the go, ensuring you stay connected. However, they also pose security risks when malicious actors steal data or install malware through compromised ports. To mitigate these risks, there are simple do’s and don’ts that should be kept in mind. Striking the right balance between convenience and security can help protect your personal information while keeping your devices powered.
Your email address will not be published. Required fields are marked*
Copyright 2022 SecApps Learning. All Right Reserved
Comments ()