Airport and hotel charging stations are convenient when your phone or laptop is dying, but these are places where it is possible to run afoul of hackers.
The Los Angeles County district attorney's office is warning travelers about a USB charger scam called "juice jacking."
"A free charge could end up draining your bank account," Luke Sisak, a deputy district attorney, said in a video posted online.
Juice jacking happens when unsuspecting users plug electronic devices into USB ports or use USB cables that have been loaded with malware. The malware then infects the devices. Hackers can read and export data, including passwords, and even lock up the gadgets.
Cybersecurity expert Liviu Arsene cautioned against using USB cables found already plugged into charging stations or even those given away as promotions. Arsene works for BitDefender, a Romanian cybersecurity and anti-virus software company.
"You can easily brand these things so you can make it look like any other cable," he said. But it isn't just cables that pose a risk; it's the ports, too.
Like scammers who steal debit card numbers by putting illegal card-reading devices, or skimmers, on ATMs, hackers can rip out USB ports and replace them with their own malicious hardware, said Vyas Sekar, a professor at CyLab, a security and privacy research institute at Carnegie Mellon University.
The district attorney's office suggests these defenses: carry your own charging wires, only charge directly from an electrical outlet and only use portable chargers bought from known vendors. Sekar said consumers could also use "USB condoms," devices that attach to a USB cable. They let the device charge, but don't let the cable send or receive data.
According to Snopes.com, while juice jacking is possible there's no evidence it has become widespread.
ActiveStyle on 11/25/2019