The holiday season may have already started to some parents and their kids. Naturally, gadgets would be on the top of “items to bring” list. Those devices, however, are the beasts which are forever hungry for power. Everyone seems to bring along a pack or two of power banks nowadays. But even such power banks, some as powerful as 30,000mAh, will not be enough.
For the sake of convenience, airports, fast-food restaurants, and even buses have USB charging stations. Indeed, a charging station can look like an oasis to a traveller with a dying phone. But in general not many people actually ask the question – are these public USB ports safe to use? They are not 100% safe because your phone or tablet could be hacked.
Yes, as crazy as it may sound, a simple task of charging your phone could end up burning a huge hole in your pocket. Earlier in May this year, X-Force Threat Intelligence at IBM Security issued a warning about the risks – “Plugging into a public USB port is kind of like finding a toothbrush on the side of the road and deciding to stick it in your mouth. You have no idea where that thing has been.”
That’s because the USB ports don’t merely convey power, but also transfer data between devices. Early this month, ahead of the busiest travel day of the year, the Los Angeles District Attorney published a warning that travellers should avoid using public USB power charging stations in airports, hotels and other locations because they may contain dangerous malware.
In the USB Charger Scam, often called “juice jacking,” criminals load malwareonto charging stations or cables they leave plugged in at the stations so they may infect the phones and other electronic devices of unsuspecting users. As a result, the malware may lock the device or export data and passwords directly to the scammer, says the District Attorney’s Office.
Hence, it’s much safer to bring your own charger and plug it into an AC power outlet on the wall or bring a portable power bank or charger to recharge your phone when you’re low on bars. If you insist on using public USB ports, Caleb Barlow, Vice President of X-Force Threat Intelligence at IBM Security, recommends investing US$10 for something called a “Juice-Jack Defender”.
Basically, Mr. Barlow says that – “It’s a little dongle you can put in front of your charging cord that basically blocks any data from passing down the cord. It only passes the voltage.” Since January 2018, 566 million records from the travel and transportation industry have been leaked or compromised in publicly reported breaches. Therefore, the security threat from public USB power stations is real.
In the same breath, it’s wise not to plug your phone into the USB socket beside the bed in an overseas hotel which you just checked in. It’s also a smart move to buy cables that are designed as charge-only devices for external use such as at the airport or hotel. Yes, not many realise that there are different types of co-called charging cables – with or without the ability to transfer data.
Travellers also have a habit of renting cars. When you rent a car these days, it’s likely that it will come equipped with an infotainment system that will interface with your phone for calls, texts, music, navigation and more. Once you’ve connected, these cars may store your personal information. The data collected may include your phone number, call and message logs, streaming music service account information and more.
Just because you have unplugged your phone does not mean your data have been removed and deleted automatically from the rented car. You will have to manually delete the data stored in the car. When you return your car, make sure you “unpair” your device, if you use Bluetooth to pair it in the first place. Never trust anything that doesn’t belong to you.
The good news is that the mobile phone developers have been working on the issue and phones are more secure now. As you might have noticed, Apple devices like your iPhone and your iPad now give you the “Trust this computer?” dialog whenever you plug your phone into a new computer or device. If you choose “don’t trust,” whichever device you are connecting to shouldn’t have access to your data.
Logically, if you are plugging into a charging station that is truly just for power only, then you shouldn’t be prompted to “Trust this computer.” If you accidentally plug into a public charging station and get that prompt, that’s a huge red flag. Immediately disconnect or unplug your phone immediately, because that means it is not only charging your phone, but also transferring data from your gadget.
– Finance Twitter