InfoSecBulletin Cybersecurity for mankind
While it may be tempting to top off your phone at one of those free charging stations found in airports or shopping centers, the Federal Bureau of Investigation (FBI) advises against it. In a recent PSA, the agency’s Denver branch notes that bad actors have figured out how to use public USB ports to load malware and other types of monitoring software onto connected mobile devices. It may be more of a hassle but the FBI recommends carrying your own charger and USB cable and using a standard electrical outlet if you need a refill.
Juice-jacking warnings have been around for years although not everyone is convinced that the threat is serious or even actionable.
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.com’s domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
In 2021, the Federal Communications Commission (FCC) issued a similar warning on the dangers of using public charging stations. Dirty USB ports can load software that can lock a device or steal passwords and other sensitive information while running in the background. In some instances, a hacker may even leave a compromised cable plugged into a power station in hopes of it being used by an unsuspecting victim.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
– FBI Denver (@FBIDenver) April 6, 2023
In actuality, this and other potential attack vectors all boil down to what level of paranoia you subscribe to and how far down the rabbit hole you want to go.
Is an attack like the one the FBI warned against plausible? Sure. But even if you use your own charger, can you be certain that nobody has tampered with it or your charging cable? Did it come directly from your phone manufacturer or was it purchased from a third party accessory maker? What about public Wi-Fi hotspots, how secure do you believe those are? And what about all the apps you have downloaded and the sites you visit?
The reality is that smartphones are susceptible to all sorts of attached and wireless attacks, many of which the general public probably have not even considered. It comes down to risk versus reward, convenience versus privacy.
