InfoSecBulletin Cybersecurity for mankind
While it may be tempting to top off your phone at one of those free charging stations found in airports or shopping centers, the Federal Bureau of Investigation (FBI) advises against it. In a recent PSA, the agency’s Denver branch notes that bad actors have figured out how to use public USB ports to load malware and other types of monitoring software onto connected mobile devices. It may be more of a hassle but the FBI recommends carrying your own charger and USB cable and using a standard electrical outlet if you need a refill.
Juice-jacking warnings have been around for years although not everyone is convinced that the threat is serious or even actionable.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
In 2021, the Federal Communications Commission (FCC) issued a similar warning on the dangers of using public charging stations. Dirty USB ports can load software that can lock a device or steal passwords and other sensitive information while running in the background. In some instances, a hacker may even leave a compromised cable plugged into a power station in hopes of it being used by an unsuspecting victim.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
– FBI Denver (@FBIDenver) April 6, 2023
In actuality, this and other potential attack vectors all boil down to what level of paranoia you subscribe to and how far down the rabbit hole you want to go.
Is an attack like the one the FBI warned against plausible? Sure. But even if you use your own charger, can you be certain that nobody has tampered with it or your charging cable? Did it come directly from your phone manufacturer or was it purchased from a third party accessory maker? What about public Wi-Fi hotspots, how secure do you believe those are? And what about all the apps you have downloaded and the sites you visit?
The reality is that smartphones are susceptible to all sorts of attached and wireless attacks, many of which the general public probably have not even considered. It comes down to risk versus reward, convenience versus privacy.
