The FBI is warning people to not use public phone charging stations as hackers have been taking advantage of the situation to infect connected devices with malware.
“Avoid using free charging stations in airports, hotels or shopping centers,” FBI Denver said in an April 6 Twitter post. “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead.”
Malware is software designed to gain unauthorized access to devices such as mobile phones and laptops. Once hackers gain access, they can manipulate the device’s tools and apps for their own personal gain or to disrupt the original user’s life. Criminals can track keystrokes, get a hold of personal information, and commit identity fraud, as well as use financial information to steal funds, among other activities.
Juice Jacking
The Federal Communications Commission (FCC) has also alerted consumers to the dangers of public USB charging stations.Charging devices in public places could have “unfortunate consequences,” the FCC stated in an advisory.
“Cybersecurity experts have warned that criminals can load malware onto public USB charging stations to maliciously access electronic devices while they are being charged. Malware installed through a dirty USB port can lock a device or export personal data and passwords directly to the perpetrator. Criminals can use that information to access online accounts or sell it to other bad actors,” the FCC stated.
“In some cases, criminals have left cables plugged in at the stations. Fraudsters may even give you infected cables as a promotional gift.”
For a majority of devices, including Android and Apple, the power supply and data transfer pass through the same cable. When the mobile device connects to the charging cable, it pairs with the device and establishes a trusted relationship, which applies to data transfer. During the charging process, hackers open a pathway into the device, using the USB connection, which they subsequently exploit.
How Hackers Benefit
Many people assume that charging for a few seconds won’t be a cause for concern. However, “crawling programs” can breach devices, search for essential information—such as personal and financial data, credit card information, and bank details—and copy them to the hacker’s system within seconds.Other types of malicious software can clone the entire device. Cybercriminals use this data or sell it on the dark web for profit. The data can also be used by other bad actors for social engineering campaigns and other purposes.
Hackers can do this all at once or gradually over time. The device’s original user might not even realize that their phone or laptop is infected. After the malware is installed, the hacker can track the GPS, observe financial transactions, gather gallery data such as photos and videos, maintain call logs, and monitor social media interactions.
In short, the hackers will have everything to impersonate the individual.
Once the malware is installed, hackers can control the devices and install ransomware. In this scenario, the user needs to pay money in order to regain access to their device, and hackers can use one device to gain access to other connected devices.
Some of the telltale signs that indicate that a device is infected with malware are if the device consumes more battery life than usual, operates at a slower speed, takes much longer to load, and crashes frequently from abnormal data usage.
Always keep the device updated with the latest software, as operating system providers include the latest patches for any bugs with each update. Use electrical sockets to charge phones, tablets, and laptops; and people who need to use their phones constantly should carry around a suitable portable power bank.