The FBI has issued a warning to consumers against using public phone charging stations in order to avoid exposing their devices to malicious software. Public USB stations, like the ones found at malls and airports, are being used by bad actors to spread malware and monitoring software, according to a tweet from the FBI’s Denver branch. The agency did not provide any specific examples. “Carry your own charger and USB cord and use an electrical outlet instead,” the agency advised in the tweet.
While public charging stations are attractive to many when devices are running critically low on battery, security experts have for years raised concerns about the risk. In 2011, researchers coined the term “juice jacking” to describe the problem. “Just by plugging your phone into a [compromised] power strip or charger, your device is now infected, and that compromises all your data,” Drew Paik, formerly of security firm Authentic8, explained to CNN in 2017.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T— FBI Denver (@FBIDenver) April 6, 2023
“The FBI regularly provides reminders and public service announcements in conjunction with our partners,” Vikki Migoya, public affairs officer at the FBI’s Denver branch, told CNN. “This was a general reminder for the American public to stay safe and diligent, especially while traveling.” The Federal Communications Commission also updated a blog post on Tuesday warning that a corrupted charging port can allow a malicious actor to lock a device or extract personal data and passwords.
Here are some steps you can take to protect yourself from juice jacking:
Protect the passcode
The first step is protecting the passcode. An Apple spokesperson told CNN people can use Face ID or Touch ID when unlocking their phone in public to avoid revealing their passcode to anyone who might be watching. It’s important to note, however, this type of takeover is hard to pull off. It requires a criminal to essentially watch an iPhone user enter the device’s passcode — for example, by looking over their shoulder at a bar or sporting event — or manipulate the device’s owner so they’ll share their passcode. And that’s all before they physically steal the device.
Screen Time settings
Another step someone could consider is a hack not necessarily endorsed by Apple but one that’s been circulating online. Within an iPhone’s Screen Time setting, which allows guardians to set up restrictions on how kids can use the device, there is the option to set up a secondary password that would be required from any user before they could successfully change an Apple ID. By enabling this, a thief would be prompted for that secondary password before changing an Apple ID password.
Back up phone regularly
Finally, users can protect themselves by regularly backing up their phone. This can be done through iCloud or by connecting the phone to a computer and using iTunes. If a thief does manage to lock you out of your phone, you can restore your data from a backup.
While the risk of juice jacking is relatively low, it’s still important to take steps to protect yourself. Protecting your passcode, enabling Screen Time settings, and regularly backing up your phone are all ways to safeguard your data and prevent unauthorized access. By taking these steps, you can help ensure that your phone remains secure and your personal information stays private.