InfoSecBulletin Cybersecurity for mankind
While it may be tempting to top off your phone at one of those free charging stations found in airports or shopping centers, the Federal Bureau of Investigation (FBI) advises against it. In a recent PSA, the agency’s Denver branch notes that bad actors have figured out how to use public USB ports to load malware and other types of monitoring software onto connected mobile devices. It may be more of a hassle but the FBI recommends carrying your own charger and USB cable and using a standard electrical outlet if you need a refill.
Juice-jacking warnings have been around for years although not everyone is convinced that the threat is serious or even actionable.
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
In 2021, the Federal Communications Commission (FCC) issued a similar warning on the dangers of using public charging stations. Dirty USB ports can load software that can lock a device or steal passwords and other sensitive information while running in the background. In some instances, a hacker may even leave a compromised cable plugged into a power station in hopes of it being used by an unsuspecting victim.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
– FBI Denver (@FBIDenver) April 6, 2023
In actuality, this and other potential attack vectors all boil down to what level of paranoia you subscribe to and how far down the rabbit hole you want to go.
Is an attack like the one the FBI warned against plausible? Sure. But even if you use your own charger, can you be certain that nobody has tampered with it or your charging cable? Did it come directly from your phone manufacturer or was it purchased from a third party accessory maker? What about public Wi-Fi hotspots, how secure do you believe those are? And what about all the apps you have downloaded and the sites you visit?
The reality is that smartphones are susceptible to all sorts of attached and wireless attacks, many of which the general public probably have not even considered. It comes down to risk versus reward, convenience versus privacy.
