Tue 11 Apr 2023:
The FBI has advised Americans to avoid using the free phone charging stations that may be found in hotels, airports, and other public areas because they could be used to hack into devices and could be a privacy issue.
While it’s unclear what prompted the advice, the bureau’s Denver office recently made a case against public charging sites in a social media post, reflecting a similar guidance offered on the FBI’s website.
“Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices,” it said, suggesting people “Carry [their] own charger and USB cord and use an electrical outlet instead.”
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIDenver) April 6, 2023
The FBI is not the only federal agency to issue a warning about the phone chargers, with the Federal Communications Commission (FCC) also claiming that malicious actors can use USB ports to transfer malware onto the devices of unsuspecting users – a tactic it calls ‘juice jacking’.
Such malware can provide access to sensitive data, including passwords, which can be used for various forms of identity theft.
Some devices, including some iPhones, offer protection against juice jacking attacks by warning users about untrustworthy connections, but more sophisticated malware is able to bypass the alerts.
However, despite the alarms sounded by the federal government, it remains unclear just how common such attacks really are. After the Los Angeles County District Attorney’s Office issued an advisory warning travelers of the dangers of public charging sites in 2019, TechCrunch asked the agency for any reports of known cases of juice jacking.
The office responded that it had no cases on its books, and was unable to point the outlet to additional resources documenting the phenomenon.
Malware — a programme typically designed to disrupt or gain unauthorised access into a system — constitutes one of the biggest threats in the IT industry.
Globally, about 5.5 billion malware attacks took place in 2022, an increase of 2 per cent from 2021 and nearly half the 10.5 billion peak recorded in 2018, data from Statista shows.
Cyber attacks can cause reputational and financial damage to users. The global average cost for a data breach in 2022 was $4.35 million, up from $4.24 million the previous year, according to the latest edition of IBM’s Cost of a Data Breach report.
WHAT IS ‘JUICE JACKING’?
• Juice jacking, in the simplest terms, is using a rogue USB cable to access a device and compromise its contents
• The exploit is taken advantage of by the fact that the data stream and power supply pass through the same cable. The most common example is connecting a smartphone to a PC to both transfer data and charge the former at the same time
• The term was first coined in 2011 after researchers created a compromised charging kiosk to bring awareness to the exploit; when users plugged in their devices, they received a security warning and discovered that their phones had paired to the kiosk, according to US cybersecurity company Norton
• While juice jacking is a real threat, there have been no known widespread instances. Apple and Google have also added security layers to prevent this on the iOS and Android devices, respectively
SOURCE: INDEPENDENT PRESS AND NEWS AGENCIES
___________________________________________________________________________________________________________________________________
FOLLOW INDEPENDENT PRESS:
TWITTER (CLICK HERE)
https://twitter.com/IpIndependent
FACEBOOK (CLICK HERE)
https://web.facebook.com/ipindependent
Think your friends would be interested? Share this story!
