Users' smartphones face the risk of being attacked, infected with ransomware, and losing data when charging in public.
Experts have warned about threats such as public Wi-Fi connections, weak passwords or many forms of online fraud. But a less discussed danger also exists public USB charging ports.
Currently, public charging ports are everywhere, from airports, cafes, libraries to means of transport such as airplanes and buses. It "saves" phones that are about to run out of battery, especially when they need to send messages or handle work.
However, according to Xatak Android, when charging via a public charging port, users will face an attack called Juice Jacking - a method of exploiting the data transmission capabilities of the USB port to steal information. or inject malicious code into the connected device.
According to the Spanish National Cyber Security Institute (INCIBE), Juice Jacking takes advantage of the dual function of the USB port: charging and data transfer. Bad actors can tamper with public charging stations by installing modified hardware or software.
With hardware, they can modify or add a malicious electronic circuit that allows them to bypass security measures on smartphones, then automatically steal data and send it to a remote server in case that circuit has connect to Wi-Fi or Ethernet cable or collect data locally if the circuit has built-in memory. On the circuit, bad actors can also pre-install malicious code to redirect the device to a private server, then install malware.
For charging areas equipped with charging cables, bad actors may provide cables labeled "charging only", but in reality, the inside has been modified, integrating additional circuits capable of bypassing communication. security protocol on the device to transmit unauthorized data.
Once the device is compromised, hackers can steal all information on that phone, including email accounts and passwords, social networks, and banking apps. Data available on the device such as contacts, photos, messages and personal information may also be collected. In addition, user data is also threatened if infected with malicious code for ransom.
INCIBE recommends that users should limit charging via cables and public USB drives. Instead, you should bring your own cord and charger, or a spare charger, buy a cable that can block data transmission, and be wary of strange cables. On smartphones, turn on "Charge only" mode to prevent data transfers.
Besides, users can equip a wireless charging dock if the smartphone has this charging technology. Instead of plugging the cable directly into the phone, users can plug it into the wireless charging dock to charge. The disadvantage of this form is that the charging speed is slower.
In addition, you should proactively protect your data from the start, including using strong passwords and multi-factor authentication, being alert to phishing emails and text messages, and backing up your data regularly. If you suspect your device is compromised, you need to change your password, scan your device for malware, log out, and change important account passwords. Finally, you can restore the device's factory settings if you feel your smartphone is infected with malware.
In the middle of last year, the US Federal Bureau of Investigation (FBI) also warned against charging phones and computers in public places due to the risk of being infected with tracking software.
"Plugging your phone charger into a public USB port is like seeing a toothbrush on the side of the road and deciding to put it in your mouth. You can't know what that toothbrush has been through, like the other USB port. Remember The USB port at the charging station can transmit data," Caleb Barlow, an IBM expert, told CNBC.