Amidst all the headaches of holiday travel, cybersecurity probably isn’t top of mind for most people. You might not think twice about plugging your phone into a charging station at the airport, but you should: Those public USB ports might be hiding malware that can infect your phone and steal your personal data.
After a tweet from the Los Angeles County District Attorney’s office warned travelers not to use USB chargers in airports, it set off a flurry of interest in so-called “juice jacking,” where hackers plant malware in public charging ports. We talked with experts to learn more about the threat, and got the scoop on other dangers to watch out for on your next trip.
What Is Juice Jacking?
Juice jacking happens when a hacker tampers with a USB charging port, or the cable attached to it, so that it installs malware on a device that gets plugged into it, says Paige Hanson, chief of identity education at NortonLifeLock.
“Once a device is plugged in, it becomes infected,” she told Men’s Journal via email. “After a phone is infected, the malware can send a full backup of the phone directly to the attacker.”
The malware can also be programmed to install fake apps on your phone that mimic authentic apps—another way of spying on your phone and nabbing your personal information.
How to Protect Your Data
It can be nearly impossible to tell if a USB port has been tampered with, Hanson says, so it’s best not to take chances on a public USB connection. Experts agree that charging at home or your office, using your own portable charger, or using a regular wall outlet with your own charging cables are the best ways to avoid malware. “True safety involves maintaining control over every part of the charging process,” says Adam Levin, founder and chairman of the cybersecurity firm CyberScout.
What Are the Other Risks With Using a Public USB Port?
While a hacked USB port sounds bad, it’s far from the only cybersecurity threat you might face while traveling. In fact, many experts told us that juice jacking is actually pretty rare—and nearly all of them agreed that public WiFi networks are a much greater danger when you’re out and about. That’s because hackers can set up fake WiFi hot spots in public places (or interfere with a legit public hot spot) in order to harvest your data.
“For less than $100, a hacker could set up a rogue wireless access point to eavesdrop on any unsuspecting travelers who connected to their ‘Starbucks’ WiFi,” says Michael Wylie, director of cybersecurity services at Richey May Technology Solutions. “How do you know the ‘Starbucks’ WiFi really belongs to Starbucks the coffee shop?”
There are three ways to keep yourself safe when browsing the Web away from home, Hanson says.
- If you connect to a public WiFi network, don’t visit any sites that require a password, since a hacker could be monitoring the network to capture passwords and info.
- If you do need to log in to a sensitive site like your bank or email account, do it over your cellular connection, which is much harder to hack.
- Finally, the best option is to purchase a VPN (opt for a paid one, Hanson says, because the free ones use your data to make money), which encrypts all your Web data to keep it hidden from prying eyes.
“Although it sounds harmless,” Hanson says, “any activity that requires a login can put your personal information at risk while on public WiFi.”
Take a few steps to protect your yourself online, and you’ll have one less headache to deal with this holiday season.