We have learned about the dangers of airport WiFi, but something else people are often seeking in airports is a place to charge their devices.
Charging your device in public using a handy USB public charging station is potentially riskier than most would appreciate. Being infected by malware or ransomware secreted in a charging station is now so possible that it has a name—“juice jacking.” So, lawyers, with client information on their phones, tablets, and laptops, should never use public USB charging stations.
The Los Angeles County District Attorney’s Office has sent out a fraud alert discouraging travelers from using USB charging stations. The DA recommends using AC outlets to recharge in public and traveling with portable batteries and multiple AC charger plugs, so you will never be forced to rely on a public USB charging station.
Several proofs-of-concept devices that do this have been demonstrated at security conferences. The ways to do this range from the complex to the simple. Some of these involve loading malware on a public charging station. But other ways are simple and cunning. Phone chargers consist of a cable and power adapter. As an iPhone user, if I have the cable but no “cube” with me, I then must recharge via USB rather than AC. If I am working on my computer, the computer USB ports can provide me with a safe way to recharge. But on the road, it is more challenging. Personally, I always travel with several portable batteries and try to remember to charge them before a long road trip. Not everyone does that. Lawyers should.
But according to a recent article on ZDNet.com, wrongdoers could now leave power adaptors loaded with malware in AC outlets in airports and other public locations. These appear to have been abandoned by accident. Innocent travelers wouldn’t think twice about using one of these, especially when there is no other open USB charger port handy. Not-so-innocent travelers may decide someone else’s loss is their gain and take the newfound power adaptor with them. Users’ devices will be compromised with ransomware or spyware that may transfer out confidential information. According to the same article, microcontrollers and electronic parts are so tiny today that a mini-computer or malware could be hidden inside a USB cable itself.
At this point, there is no evidence this problem has become widespread. But the potential is noteworthy. There are sophisticated countermeasures one can purchase, such as USB cables specially altered to be no-data transfer cables or protective devices nicknamed “USB condoms.”
Rather than purchasing special equipment, the simple solutions are the best. Some good habits to develop are:
1. Never use any public USB charger.
2. Always travel with your AC charger and cable. (I keep an extra in my computer bag.)
3. Own portable battery chargers and remember to charge them before traveling.