The average person travels with a thousand dollars or more in carry-on electronics these days. There’s a reason most of us scurry to find electrical outlets at every layover. It turns out public USB outlets — especially those at airports — aren’t as harmless as you might expect. Now, tech security experts are warning against a new kind of USB hacking called “juice-jacking.”
In November, the Los Angeles County District Attorney’s Office released a video cautioning travelers against USB charger scams. Because USB cables can transfer both power and data, so-called juice-jacking is relatively straightforward. Hackers load malware (like a virus) into USB power outlets at airports, hotel lobbies, or cafes. When an unsuspecting user plugs their device into the outlet directly with a USB cable, that device can become infected. The malicious software can then be used to take control of the device (by locking or “bricking” it to make it unusable) or, worse, to steal sensitive data like passwords, bank account logins, credit card numbers, and more.
When The New York Times covered the hacking method last month, news outlets across the country couldn’t wait to reshare it with their readers. After all, the technique is child’s play even for a novice hacker with only a bit of tech-savvy and physical access to the USB port in question. The big question, though, is how likely the average traveler’s devices are to be “jacked.” Sure, it’s possible, but is it likely? Snopes confirms the threat is real but minimal: “While it is technically possible for crooks to steal information or install malware via public USB ports, this practice doesn’t appear to be widespread.”
The two experts interviewed for The New York Times story were unaware of how common the phenomenon is. When TechCrunch followed up with the L.A. District Attorney for comment, the office’s chief prosecutor confirmed “it has ‘no cases’ of juice-jacking on its books, though it said there are known cases on the East Coast. When asked where those cases were, the spokesperson did not know. And when asked what prompted the alert to begin with, the spokesperson said it was part of “an ongoing fraud education campaign.”
However widespread juice-jacking may be, the good news is that it’s easy to defend against. Never use a public USB charging station, but rely instead on AC power outlets. For smartphone users, that just means carrying a standard AC power “cube” to act as an intermediary between their USB cable and any USB outlet. “USB condoms” (we swear, that’s a real thing) that disable the data pins on a standard USB data cable are also available for less than $5. A backup battery is another great alternative: Charge the battery at any AC or USB power outlet, then charge your phone via the battery.
