Hacking Risk – Charging Phones Via Public USB Port

A few months ago, Forbes released a damning article on why airport USB charging stations can be dangerous to charge your mobile devices with. There was much debate online as to what the risks were and how likely they are to affect you and whether or not IBM Security Vice-President; Caleb Barlow’s statement that “Plugging into a public USB port is kind of like finding a toothbrush on the side of the road and deciding to stick it in your mouth. You have no idea where that thing has been” was true or perhaps a little over the top? The term is called ‘Juice-Jacking’ and multiple articles have now been written about this, many great claims made, and certain companies upped the marketing of their ‘protective’ devices which could guard against a hacking threat.

https://www.lonelyplanet.com/articles/smartphone-risk-public-usb-port

https://www.thesun.co.uk/travel/9127249/airport-charging-stations-device-hacked/

https://uk.pcmag.com/news/119592/evil-usb-cable-can-remotely-accept-commands-from-hacker

The thing to remember first and foremost is that this threat is incredibly low, experts say that this is something that could happen rather than something that is currently is happening. However, cyber-criminals are getting increasingly more skilled at extracting data or money from victims and this could be a threat on the rise. Think of the unsuspecting child or teen with a new phone or device that’s connected to their parent’s bank accounts – the goal is to keep the phone going at all costs (heaven forbid they run out of power) and these targets are less likely to be concerned about invisible threats to security. Possibly the article was released to raise more awareness of this issue and thus preempting the risk. But how can it happen? Well, we’re glad you asked!

When smart devices (iPhones, Android phones, iPads, tablets etc) are plugged into a computer the USB cable not only transmits power (charge) through the cable but also data – your computer at home will ask if the device is safe and perhaps if you want to synchronise the two machines. Of course, this is harmless (unless there’s malware on your computer or device but that’s another story for another time), but what if the charging station you’re plugging your device into to boost the battery is, in fact, linked up to a computer that someone has installed malware on? A cleverly designed malware ‘bug’ may not even let the owner of the device know it’s being installed but could give hackers insight into the device data, saved passwords and bank details – worrying!

There are several things to be aware of:

Firstly, be careful and aware when using a public USB power source, can you see clearly where the power is coming from? For example, are you plugging directly into the brick wall or could the power source be connected to a computer – be warned – computers can be incredibly small and don’t always look like a standard PC with a monitor or screen, it could just look like a box? If you’re unsure or if you’re plugging into a computer that may not be safe, then consider a ‘USB sleeve’ which can be purchased online and disable the data transmission part of a charging cable, however we think there are better options than these…more on this later.

Secondly, do not connect to an unknown USB charging cable. USB charging cables can look innocent enough but if you see one abandoned and plugged into a public charging point (looking very tempting) then it could have been left behind by a hacker and have a ‘chip’ installed. For more on this please see the link below about the ‘O•MG Cable’:

http://mg.lol/blog/omg-cable/

Also, don’t panic, remember that the threat is currently incredibly low but with things like the ‘O•MG Cable’ now in circulation it might be worth ensuring you have your own power source with you to protect against cyber-criminals gaining access to your, your business’s, your family member’s device and data. Things like power banks or the LapCabby Boost+ are, in their simplest forms, battery packs – they don’t have computer chips installed and therefore cannot have malware installed on them through a malicious cable. Therefore, we recommend charging your smart device through a personal power bank or LapCabby device. The good news is that even if a dodgy looking source had a Boost+ plugged into it then there’s no chance of transferring the ‘bug’ through the Boost+ and onto the phone/tablet. So instead of charging your phone and running the risk, charge up your power bank or plug in your Boost+ to charge multiple devices at once.

Finally, be sure to keep on top of data risks and vulnerabilities, this may sound unlikely and a threat for the future, but technologies are constantly advancing, and cyber-criminals are increasingly more adept at accessing information that puts you at risk. Be ahead of the threats by understanding how malware works and be sure those more vulnerable (older and younger generations) are taught how to keep safe.

Categories
Archives
  • User Code is any 6 digit single entry code that can be input to lock and unlock a single compartment, once unlocked the lock will reset ready for the next user
  • Technician Code is a factory default code to be reset upon first use to ensure security, this code allows access to any compartment if a User Code is forgotten
  • Master Code is a factory default code for each lock that will restore the digital lock back to factory its setting, removing access using any previous codes installed