Free Public Charging Ports

The FBI issued a warning on the evening of Maundy Thursday about using Free public charging ports. It stated that threat actors use public charging outlets in airports and coffee shops to inject malware and monitoring software.

As per the tweet on Twitter, the FBI said, “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.” 

Why is it Dangerous?

Two main types of “jacking” are done through public USB ports.

  1. Juice Jacking
  2. Video Jacking

Juice Jacking

Juice jacking is a method in which threat actors steal account credentials, financial or any other sensitive information from devices while they are charged. This is done by loading malware onto the public charging stations that are triggered when a device is plugged in.

Video Jacking

Video Jacking is a method in which threat actors hide equipment in public charging stations to record activities on a device while plugged in. This ranges from entering a password to writing an email or accessing a banking application with a password.

Cybercriminals use public charging stations since they are very rarely checked for threat activities.

These activities are possible because the wires we use for charging are also supported for data transfer which is why most of the devices ask for a “Do you want to trust this device?” prompt before allowing data transfer.

Muhammad Yahya Patel, lead security engineer at Checkpoint, said, “It is extremely unlikely and difficult.

You could also have some additional protection by keeping your device locked while plugged in.

We’re seeing blurred lines now with many people using their personal device for work purposes, or even have a separate work phone, and so there’s that additional risk to businesses.”

The FBI recommends carrying our adapter and charging wire to protect from these attacks. Using a power bank or battery backup is also an affordable solution. Additional solutions include using a wire that is only supported for charging instead of multipurpose.

Why do Organizations need Unified endpoint management – 

Related Read:

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.