If you’re like most people we know, at some time you probably charged your phone by plugging it into a USB port. What’s the problem with doing this, you ask? Charging your smartphone by connecting it to a USB port can be dangerous. Hackers can infect your smartphone with malware or a virus and can also steal your files, passwords, and identity. They can also render your smartphone unusable – and worthless.
The issue with USB ports is that when you plug your smartphone into one, it opens up the option to move files back and forth between your smartphone and the device it is connected to. The reason for this is because a USB port is not simply a power socket; a regular USB connector has five pins, where only one is needed to charge the receiving end. By default, two of the others are used for data transfers.
So, if your smartphone is infected and you connect it to the USB port of a network computer, it could be the genesis of a corporate-wide cyberattack.
That’s not the only danger a USB port presents to your smartphone. There is also the risk of juice jacking, which is a type of cyberattack that uses a USB charging port to either steal data from the connected phone or infect the phone with malware – or both. Public charging stations, such as those found in most airports, are especially prone to juice jacking and are a favorite target of cybercriminals.
Data Theft by Juice Jacking
Stealing data from your smartphone is relatively easy. A cybercriminal can breach an unsecured charging kiosk using malware, then drop an additional payload that steals information from connected devices. Crawlers can then search your phone for personally identifiable information, including bank and credit card account credentials; wireless payment credentials, such as those associated with Apple Pay and Google Pay; phone contacts; account passwords; and more.
Even worse, this can happen in a matter of seconds using a malicious app that can clone all of your phone’s data during the first few moments of charging. In short, long before your smartphone is fully charged, a hacker will have everything they need to impersonate you, which is valuable information that can be sold on the dark web for a profit or re-used in social engineering campaigns.
Malware Infection by Juice Jacking
Sometimes, the hacker isn’t interested in the immediate theft of you data. Rather, the hacker’s goal is to install malware onto your smartphone through that same USB connection. The malware downloaded to your smartphone can take many forms, including adware, cryptominers, ransomware, spyware, and Trojans. If you think this is hughly unlikely, then consider that Android malware is now as prevalent and sophisticated as Windows malware and that mobile device operating systems are now targeted more often than desktop operating systems.
What’s the real danger if my smartphone is attacked?
The dangers are plenty. Cryptominers can use your smartphone’s CPU/GPU to mine cryptocurrency and drain its battery, ransomware can freeze your smartphone or encrypt your files for ransom, spyware can allow attackers to monitor and track your online and offline activity, and Trojans can hide in the background to serve up any number of other infections at will.
How to Protect Yourself
The easy answer for protecting yourself is to refrain for charging your smartphone through a USB port – especially those at public charging stations. Use an AC socket instead, which will not only protect your smartphone from being the target of an attack, but also prevent your smartphone from passing malware and viruses to your computer and, possibly, your corporate network.
Absent an AC socket, other non-USB options include external batteries, wireless charging stations, and power banks, which are devices that can be charged to hold enough power for several recharges of your phone.
All that said, there might be times that your only option is a USB port. It is for that reason that you should equip yourself with a USB data blocker, which is a physical cybersecurity device that blocks the data connections to a USB port while allowing that same port to be used safely for charging. If you travel often, adding one of these devices to your travel gear is a wise investment, especially when considering they only cost about 20 bucks.
Finally, never, never, never use found charging cables and power banks. These might not actually be lost, but rather placed by cybercriminals in airport waiting rooms, hotel lobbies, and office building parking lots for the sole purpose of tricking you into using them and infecting your device. As enthusiastic as you may be about finding some useful hardware, you will be more thankful not to be the target of some hacker’s next cyberattack.