Are public USB chargers safe or dangerous?

I saw public USB charging slots at airport. But are those safe to use as USB is pretty unsafe interface?

Or this?

I prefer own know to be safe charger connected to mains power. This keeps my devices safe.

22 Comments

  1. opera support says:

    It might be safe or unsafe. It is always preferred not to use public USB chargers. It is a very easy way to steal data from your device and the user of the device is unaware of this. I recommend everyone not to charge with these public ones. Instead, you carry power banks for your device.

    Reply
  2. Tomi Engdahl says:

    Other public potential danger: public WiFi

    Simple Steps to Protect Yourself on Public Wi-Fi
    https://www.wired.com/story/public-wifi-safety-tips/

    Accessing the internet isn’t normally a problem when you’re inside the confines of your own home—it’s secure, it’s easy to connect to, and it’s relatively uncongested—unless the whole family is streaming Netflix on five separate devices. When you venture out though, it’s a different story. You can access Wi-Fi in more places than ever, enabling you to keep in touch or catch up with work from wherever you happen to be, but getting online isn’t quite as simple, or as safe, as it is with your home network.

    Reply
  3. Tomi Engdahl says:

    USB charging dangers and USB Condom
    http://www.epanorama.net/newepa/2013/09/23/usb-charging-dangers-and-usb-condom/

    You plug the smartphone into a socket and it starts charging – the same as with a flashlight or a toothbrush, right? But, in fact, there are some hidden dangers which you need to be aware of. Public charging stations help smartphone users, but also open a new avenue for hacking.

    When charging a smartphone from a PC, or connecting it to a USB port in a car or plane, we rarely consider the possibility that information may be exchanged, as well as power. Beware of Juice-Jacking is asking do you hesitate before connecting your phone to this unknown device that could be configured to read most of the data on your phone, and perhaps even upload malware?

    The easiest, and usually quite effective, way to avoid these problems is to switch off the smartphone completely before charging it and keeping it switched off until the procedure is completed. Usually this is not the most user friendly when you want to be on-line all the time.

    USB “Condom” Allows You To Practice Safe Charging

    USB charger meter with protection
    http://www.epanorama.net/newepa/2014/08/15/usb-charger-meter-with-protection/

    The functionality is similar to USB condom: just pass the charging power and do not allow any data communications. This is a good security feature because there are potential dangers when you connect USB cable.

    Reply
  4. Tomi Engdahl says:

    Do you dare to use random public Universal Security Breach interface for charging? I would make my phone to stay faithful to my own charger harem. If need to use unknown USB, then use USB condom to be safe.

    Reply
  5. Ritesh says:

    Me as a user always preferred not to use public USB chargers cz of many reasons. I recommend everyone not to charge with these public ones, you carry power banks for your device.

    Reply
  6. Tomi Engdahl says:

    Why you should never use phone charging stations at airports
    https://nypost.com/2019/05/22/why-you-should-never-use-phone-charging-stations-at-airports/

    You’re waiting at the airport, your phone vibrates in your hand — but it’s not a text.

    “Low Battery — 20 percent of battery remaining” pops up on your screen.

    So, you track down the nearest free charging station and refuel your dwindling device.

    But, it turns out that decision might cost you more than a few extra minutes on social media before you board.

    Speaking to Forbes, Barlow said these ports could act like a passageway from your device to the charging station.

    “Plugging into a public USB port is kind of like finding a toothbrush on the side of the road and deciding to stick it in your mouth,” he said. “You have no idea where that thing has been.”

    the transportation industry has become the second-most attacked sector in 2018

    “Now, if you see an Apple charging cord, you’re likely to grab it or just plug into it. But inside this cord is an extra chip that deploys the malware, so it charges your phone, but now I own your computer.”

    Reply
  7. Tomi Engdahl says:

    Why You Should Never Use Airport USB Charging Stations
    https://www.forbes.com/sites/suzannerowankelleher/2019/05/21/why-you-should-never-use-airport-usb-charging-stations/

    Those oh-so-handy USB power charging stations in the airport may come with a cost you can’t see. Cybercriminals can modify those USB connections to install malware on your phone or download data without your knowledge.

    It’s much safer to bring your regular charger along and plug it into a wall outlet or, alternatively, bring a portable power bank to recharge your phone when you’re low on bars.

    Reply
  8. Tomi Engdahl says:

    Why You Should Never Borrow Someone Else’s Charging Cable
    http://on.forbes.com/6182ECta8

    Protect your charging cables like you protect your passwords, say cybersecurity experts.

    Last week, at the annual DEF CON Hacking Conference in Las Vegas — “hacker summer camp,” says Henderson — a hacker who goes by “MG” demonstrated an iPhone lightning cable that he had modified. After using the cable to connect an iPod to a Mac computer, MG remotely accessed the cable’s IP address and took control of the Mac, as Vice reported in play-by-play fashion. MG noted that he could later remotely “kill” the implanted malware and wipe out all evidence of its existence. The enterprising hacker had a stash of so-called O.MG cables that he was selling for $200 apiece.

    Reply
  9. Tomi Engdahl says:

    For the moment, Henderson says, a bigger threat than malicious charging cables is USB charging stations you see in public places like airports. “We’ve seen a couple of instances where people modified charging stations. I’m not talking about an electrical outlet, I’m talking about when there’s a USB port on a charging station.”
    http://on.forbes.com/6182ECta8

    Reply
  10. Tomi Engdahl says:

    November 6, 2019: ‘Juice Jacking’ Criminals Use Public USB Chargers to Steal Data
    http://da.co.la.ca.us/community/fraud-alerts/juice-jacking-criminals-use-public-usb-chargers-steal-data

    In the USB Charger Scam, often called “juice jacking,” criminals load malware onto charging stations or cables they leave plugged in at the stations so they may infect the phones and other electronic devices of unsuspecting users.

    The malware may lock the device or export data and passwords directly to the scammer.

    TIPS:

    Use an AC power outlet, not a USB charging station.
    Take AC and car chargers for your devices when traveling.
    Consider buying a portable charger for emergencies.

    Reply
  11. Tomi Engdahl says:

    Officials warn against using public USB charging stations
    https://www.local10.com/tech/officials-warn-against-using-public-usb-charging-stations

    Travelers who use USB charging stations at airports and other public areas are being urged to avoid them.

    Reply
  12. Tomi Engdahl says:

    Officials warn about the dangers of using public USB charging stations
    Travelers should use only AC charging ports, use USB no-data cables, or “USB condom” devices.
    https://www.zdnet.com/article/officials-warn-about-the-dangers-of-using-public-usb-charging-stations/

    Travelers are advised to avoid using public USB power charging stations in airports, hotels, and other locations because they may contain dangerous malware, the Los Angeles District Attorney said in a security alert published last week.

    USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two.

    security researchers figured out they could abuse USB connections that a user might think was only transferring electrical power to hide and deliver secret data payloads.

    This type of attack received its own name, as “juice jacking.”

    The LA District Attorney’s warning [PDF] covers many attack vectors, because there’s different ways that criminals can abuse USB wall chargers.

    LA officials say criminals can load malware onto public charging stations, so users should avoid using the USB port, and stick to using the AC charging port instead.

    LA DA’s warning also applies to USB cables that have been left behind in public places. Microcontrollers and electronic parts have become so small these days that criminals can hide mini-computers and malware inside a USB cable itself. One such example is the O.MG Cable. Something as benign as a USB cable can hide malware nowadays.

    many have pointed out that since the first juice jacking demos back in 2013, both Android and iOS have now incorporated popups in their user interface to alert a user when a USB port is attempting to transfer data, rather than just electrical power.

    US authorities usually issue security alerts based on reports and threats they see in the real world.

    https://mg.lol/blog/omg-cable/

    Reply
  13. Tomi Engdahl says:

    Can you get privacy by allowing a nasty phone charger to hack your phone through USB?

    FANGo is a phone charger concept that claims to provide a practical means of masking your online activities by using USB backdoor to access your phone. It is possible to do the exact same thing with an app, but integrating those functions into a phone charger is claimed to be more convenient for some people by the project inventors.

    If it can do what it claims, what else nasties it can do without you noticing? Somehow I don’t like this idea that is like badUSB dressed like a phone charger.

    https://www.hackster.io/news/fango-is-a-phone-charger-that-protects-your-privacy-from-facebook-and-other-corporations-e79d9f26149d

    http://martinnadal.eu/fango/

    Reply
  14. Tomi Engdahl says:

    For both safety and maximum charging speed, skip the USB charging ports. Plug your phone’s standard charger directly into the AC outlet and charge from there. There’s no risk of data connection happening over the power outlet—even if network traffic is being transmitted over the electrical wiring.

    You’re safe as long as you plug in a trusted charger.

    This can even boost your charging speed.

    https://www.howtogeek.com/364032/how-to-protect-yourself-from-public-usb-charging-ports/

    Reply
  15. Tomi Engdahl says:

    “Modern Android phones are designed to protect your data from malicious USB charging ports. Despite this, there have been some reports about theoretical security vulnerabilities related to AT modem commands [instructions used to control a modem], and I haven’t seen any reports they’ve been fixed,” Chris explained to Lonely Planet Travel News. “Let’s be clear, though: I haven’t seen any reports that these flaws are being exploited out there in the real world. There’s no evidence that a bad USB port has ever exploited them. Despite that, it’s always a good idea to have the latest security updates for your Android devices.”

    https://www.lonelyplanet.com/news/2019/02/23/smartphone-risk-public-usb-port

    Reply
  16. Tomi Engdahl says:

    First they install those USB chargers everywhere. Then they tell that those USB chargers are pretty much useless and potentially dangerous (Cyber security and electrical safety hazard of sub-standard cheap chinese in-wall chargers).
    What a waste of material and human efforts: making decision to invest to them, electrician installing, marketing convincing people that using them is a good idea, then researchers/media informing of potential dangers and finally frustration of users – And finally marketing a “solution” for some of the problems.

    Reply
  17. Tomi Engdahl says:

    Using public USB charging stations could drain your bank account, officials warn
    https://6abc.com/warning-issued-against-using-public-usb-charging-stations/5695003/

    Just weeks ahead of the busy holiday travel season, people are being warned against using airport USB charging stations.

    The Los Angeles District Attorney’s Office sent out a tweet cautioning about a USB charger scam, also known as “juice jacking.”

    They advised people not to use public USB charging stations at places such as airports or shopping centers, as they could be loaded with malware.

    “Credit cards, passwords to banking accounts, your home address – all of that, if you’ve ever put it into the internet anywhere could potentially be saved in your history in your phone,” Sisak said.

    The D.A. offered the following tips for not becoming a victim of fraud:

    - Use an AC power outlet, not a USB charging station
    -Take AC and car chargers for devices when traveling
    -Consider buying portable chargers for emergencies

    Reply
  18. Tomi Engdahl says:

    My Android phones have been highly resistent to talking to an upstream device unless I tell them it’s ok. But…I’ll not say it’s perfectly impervious.or true for all. Tablets…not so much

    You need a USB condom. Never connect more than power. Physical access is the easiest access to pown most devices. iPhones have a not patchable vulnerability going back generations, for example.

    Reply
  19. Tomi Engdahl says:

    If you use your own original or known to be safe charger plugged to mains outlet, and you are safe – both cyber safe and electrically safe.
    Public USB outlets are potential danger unless you use “charge only USB cable” or “USB condom”.

    Reply
  20. Tomi Engdahl says:

    FBI warns against using public phone charging stations
    https://www.cnbc.com/amp/2023/04/10/fbi-says-you-shouldnt-use-public-phone-charging-stations.html

    The FBI is warning consumers about “juice jacking,” where bad actors use public chargers to infect phones and devices with malware.
    The law enforcement agency says consumers should avoid using public chargers at malls and airports, and stick to their own USB cables and charging plugs.

    The FBI recently warned consumers against using free public charging stations, saying crooks have managed to hijack public chargers that can infect devices with malware, or software that can give hackers access to your phone, tablet or computer.

    “Avoid using free charging stations in airports, hotels or shopping centers,” a tweet from the FBI’s Denver field office said. “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead.”

    The FBI offers similar guidance on its website to avoid public chargers. The bulletin didn’t point to any recent instances of consumer harm from juice jacking. The FBI’s Denver field office said the message was meant as an advisory, and that there was no specific case that prompted it.

    The Federal Communications Commission has also warned about “juice jacking,” as the malware loading scheme is known, since 2021.

    https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/on-the-internet

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*