InfoSecBulletin Cybersecurity for mankind
While it may be tempting to top off your phone at one of those free charging stations found in airports or shopping centers, the Federal Bureau of Investigation (FBI) advises against it. In a recent PSA, the agency’s Denver branch notes that bad actors have figured out how to use public USB ports to load malware and other types of monitoring software onto connected mobile devices. It may be more of a hassle but the FBI recommends carrying your own charger and USB cable and using a standard electrical outlet if you need a refill.
Juice-jacking warnings have been around for years although not everyone is convinced that the threat is serious or even actionable.
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
In 2021, the Federal Communications Commission (FCC) issued a similar warning on the dangers of using public charging stations. Dirty USB ports can load software that can lock a device or steal passwords and other sensitive information while running in the background. In some instances, a hacker may even leave a compromised cable plugged into a power station in hopes of it being used by an unsuspecting victim.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
– FBI Denver (@FBIDenver) April 6, 2023
In actuality, this and other potential attack vectors all boil down to what level of paranoia you subscribe to and how far down the rabbit hole you want to go.
Is an attack like the one the FBI warned against plausible? Sure. But even if you use your own charger, can you be certain that nobody has tampered with it or your charging cable? Did it come directly from your phone manufacturer or was it purchased from a third party accessory maker? What about public Wi-Fi hotspots, how secure do you believe those are? And what about all the apps you have downloaded and the sites you visit?
The reality is that smartphones are susceptible to all sorts of attached and wireless attacks, many of which the general public probably have not even considered. It comes down to risk versus reward, convenience versus privacy.
