Yes, your cellphone could be hacked if you use a public USB charging station

The FBI warns against using USB charging stations in airports and other public places due to the risk of “juice jacking.” Here’s how to protect yourself.

Recent social media posts claim that the FBI has warned people against using free USB charging stations in airports and other public places. 

The warning stems from the risk of “juice jacking,” where hackers can infect devices with malware and steal personal information, the posts claim. 

VERIFY reader Paula also asked if hackers can place malware onto your device when you’re using a public charging station.

THE QUESTION

Can hackers use public USB charging stations to install malware and steal data from electronic devices?

THE SOURCES

THE ANSWER

   

This is true.

Yes, hackers can use public USB charging stations to install malware and steal data from electronic devices. But some phones and devices have added safety features that can prevent the cyber-theft tactic.

Did you know VERIFY has a YouTube show? Subscribe for a weekly roundup of our top fact-checks.

WHAT WE FOUND

Government agencies have warned against using public USB charging stations in airports, hotels and other public spaces for more than three years.

These charging stations allow people to plug their USB charging cable directly into a slot, instead of using a traditional wall outlet to charge their devices.  

In November 2019, the Los Angeles County District Attorney’s Office issued an advisory about “juice jacking.” The term, which was first coined in 2011, refers to a cyber-theft tactic in which criminals can infect your device with malware or a virus, or steal your data

The Federal Communications Commission (FCC) and the FBI also warn about the potential dangers of charging your phone or device at a free USB port station. 

Antivirus software company Norton says there is “little evidence” that juice jacking has become a “widespread problem,” but it remains a “real security threat” nonetheless.

So how does “juice jacking” work and what are the risks?

If you have a smartphone, such as an iPhone or Android device, both power and data are transferred through the same cable, Norton explains. This could open up your device to security risks like malware installation and data theft if you use a public USB port station.

“When your phone connects to another device, it pairs to that device and establishes a trusted relationship. That means the devices can share information,” Norton writes on its website.

While social media posts may make it seem like “juice jacking” can happen without warning, your phone usually has a first line of defense if its software is up-to-date. Apple and Google have added safety features to iOS and Android operating systems to help prevent juice jacking, Norton says. 

For example, if you’re connecting your phone to another computer or device for the first time, you’ll likely get an alert message that asks whether you “trust the computer.” 

But, if you have a device without the latest software or trust the wrong device, your personal information is at an increased risk of being compromised. 

More from VERIFYYes, scammers are impersonating Apple Support to try to steal your iCloud account information

If a cybercriminal installs malware through a compromised USB port, it can lock your device or export personal data such as passwords and financial information directly to the perpetrator, according to the FCC and Norton.

Cybercriminals can then use that information to access your online accounts or sell your data to other bad actors, the FCC says.

You can follow these tips to protect your device from juice jacking at a public USB charging station: 

  • Use a regular AC wall outlet, rather than a public USB charging station.
  • Carry a portable charger or external battery for your device.
  • Consider carrying a charging-only cable, which prevents data from sending or receiving while your device is charging.
  • If you plug your device into a public USB port and a prompt asks you to select “share data” or “charge only,” always select “charge only.”

The VERIFY team works to separate fact from fiction so that you can understand what is true and false. Please consider subscribing to our daily newsletter, text alerts and our YouTube channel. You can also follow us on Snapchat, Instagram, Facebook and TikTok. Learn More »

Follow Us

Want something VERIFIED?

Text: 202-410-8808

Related Stories