The U.S. FBI has issued a warning about “juice jacking” – public charging ports that have been tampered with and infected with malware. The alert was raised on April 6, 2023, when the FBI Denver Twitter account published a warning that “bad actors have figured out ways to use public USB ports…” (as reported by CBS News).
The FBI offers similar guidance on its website, advising people to avoid public chargers. The Federal Communications Commission has also warned about “juice jacking,” with the first warning appearing in 2021.
Looking at the government advice for Digital Journal is Matt Wiseman, Sr. Product Manager at OPSWAT, a global organization specializing in critical infrastructure cybersecurity.
Wiseman summarises the issue as: “According to the FBI, if you connect your phone or iPad to a public charging station that has been tampered with and infected with malware, it could potentially lock your device or allow criminals to obtain sensitive information, including passwords, addresses, banking details, and even a complete backup of your phone.”
Hence, this presents a new concern in relation to cybersecurity.
There are a number of areas where this vulnerability may be found, notes Wiseman: “The FBI’s recent tweet about using free charging stations at airports, hotels and shopping centers serves as an important reminder – for both consumers and businesses alike – of how important it is to not plug in any sort of portable media or USB without first checking and validating it (this includes your cell phone).”
This is a particular concern for those who are handling sensitive information, as Wiseman explains: “As business travel rises to pre-COVID rates again, it is especially important for companies to remind employees about the security risks of inserting or plugging in any type of portable media or connected cables – especially when corporate data and devices are involved.”
Wiseman moves on to consider some best practices that companies can adopt in order to mitigate “juice jacking” and other risks that portable media pose.
Security awareness
Since malicious actors can weaponize USB charging cables, Wiseman advises: “If you use an unknown cable, you can be at risk. Also, if you use a USB port for power, people can tamper with the internals of the USB and implant devices that can work to distribute malware. USB Data Blockers are a great way to charge devices by only allowing power through. It is always best to be aware of where your hardware devices have come from and who has had access to them.”
Control and limit the types of portable media that are permitted
USB storage media and USB cables may be common, everyday items, but they pose a major security risk. Here Wiseman recommends: “By controlling and limiting the types of connected portable media, businesses can reduce the risk of portable media threats.”
He adds: “For organizations that rely on portable media or cables to transfer data, it is best to invest in a security solution that can scan, validate and secure the content being transferred. We need to ensure that the media itself is free from malware, while also checking the device for any sort of threats as well.”
