The Los Angeles County district attorney’s office is warning travelers using Los Angeles International Airport of a new scheme targeting people who need a quick boost at public USB charging stations. The USB charging scam, also known as “juice jacking,” involves hackers spoofing charging stations to steal information.
Similar to credit-card skimming, fake charging stations are set up via port or cable, and unknowing users who plug into them expose their devices to malware attacks that can lock their devices and export sensitive contents such as passwords and bank account numbers into the hands of waiting information thieves.
“#ICYMI: Avoid using public USB charging stations at airports and other locations,” the district attorney’s office wrote on Twitter.
Deputy District Attorney Luke Sisak says investigators from his office have seen scammers whom they know to be involved in identity-theft schemes with the software and hardware capable of performing the “juice jacking” scam. He says his office wants to give travelers the information they need to protect themselves.
“It’s something that people should be aware is possible,” he said. “And they mostly don’t know that it is.”
Sometimes phone security is taken for granted, he says, along with the knowledge that the phone’s charging port is also how the phone sends and receives data.
“The big thing we tell people is to try to use [a power] adapter instead of finding a random USB socket somewhere,” he says. He also cautioned people to be aware of actions such as habitually using the cables in ride-share cars, hotels or, if traveling abroad, in Internet cafes.
A key thing to look out for is whether your phone displays a “Do you trust this computer?” message when you plug into a USB outlet. Sisak said that’s an easy giveaway that a data device has been connected to it. On anything that’s not your home computer, the answer should always be “no.”
Scammers rely on the easy access that the multiuse charging stations provide to catch fliers off-guard.
Sisak recommends avoiding USB charging stations in airports and hotels, and he says travelers should make sure their packing list includes a charger for quick plug-ins to wall outlets.
“It doesn’t seem like it’s happening daily, but it is something that’s very hard to track,” Sisak says. “It’s just far better to try to be safe than sorry.”
The Sunday after Thanksgiving is expected to set a record for airline travel, with 3.1 million passengers expected to travel on Dec. 1, and 31.6 million travelers expected to board U.S. carriers during the 12-day Thanksgiving travel period (Nov. 22-Dec. 3), according to Airlines for America.
Even with so much going on during the holiday season, experts say that avoiding this kind of trap shouldn’t be difficult with a little awareness and vigilance. Bruce Schneier, a cybersecurity expert at the Harvard Kennedy School, assures that charging ports at airports are generally put there by vetted officials.
But for passengers who would like the added peace of mind and extra security, he recommends buying a “USB condom” to protect them from any security vulnerabilities.
The device is an add-on USB connector, usually costing around $10, that blocks the data pins on the end of a USB cable so that the only thing that flows from an outlet to a device is power.
Schneier is skeptical that a hacker would be able to pull off the kind of effort it would take to rig a public charging station, given how public and busy airports are.
“If you’re looking at a USB terminal and digging around with screwdriver, someone’s going to say, ‘What the hell are you doing?’” Schneier says.
Thankfully, he has seen little to no data that would raise this to the level of a widespread concern. There’s ultimately, he says, a very simple step to reduce the chances it can happen to you: “Honestly, if you worry, just plug it into a power outlet.”