In addition to passing the current, they could be used to steal data or install dangerous software: but there are ways to defend yourself
At the beginning of November, the Los Angeles District Attorney issued a statement, later reported in many newspapers, saying that it can be dangerous to charge smartphones in public places through USB ports because those USB ports could allow malicious people to access data contained in smartphones. Data theft or the installation of malicious software in smartphones loaded via USB cables has existed for years and is known as juice jacking. It is good to see that it is a real danger. Still, it must also be said that over the years, smartphones have become increasingly capable of defending themselves against these attacks, which are considered quite rare, and that there are countermeasures.
In addition to running the power needed to charge smartphones, USB cables can also be used to let data in and out of smartphones. The scam known as juice jacking exploits this dual function to gain unauthorized access to what is contained in smartphones without their owners noticing: it only takes a few seconds to steal passwords or install malware, i.e., malicious software.
There is no data on how widespread juice jacking is, and the district attorney himself explained to Tech Crunch that his statement was released for information and preventive purposes and that before the statement in his area of expertise, there had been “no case” of data theft via USB ports. But it’s certain that it doesn’t take much time and great expertise to modify a USB port so as to hide from us what it takes to have access to smartphones.
Without going into detail about how these USB ports are modified and bearing in mind that this is not a widespread phenomenon, there are several possible precautions to take and things to know.
The first and easiest way to avoid this risk is to bypass it: juice jacking only works through USB ports and cables, so use adapters and power sockets to charge your phone safely. Or always take a portable charger (or “power bank”) with you and charge your phone from there if necessary.
If you need to charge a phone from a USB socket in a public place, you should first pay attention to the appearance of any messages on your smartphone. Virtually every smartphone – both Android and iOS – understands when a USB cable is trying to carry or steal data, as well as current, and therefore points this out with a warning message. In that case, if the cable is not connected to a computer you trust, it is best to avoid it by rejecting the request and, even better, by unplugging the cable and smartphone.
For those who want to use the USB ports of airports, clubs, and public places of all kinds and countries, there is the possibility of additional protection. There are so-called “USB condoms” (USB condoms for USB) that must be placed between cable and USB port and serve to prevent unwanted data from passing between cable and smartphone. The simplest ones cost less than ten euros.
In addition to USB ports that you don’t trust, you should also be careful with cables, where you can now hide what you need to install small but dangerous malware on smartphones. The danger here lies in the cable, no matter which USB port you use.
