The Los Angeles District Attorney’s Office has issued a warning to citizens, asking them to avoid using USB charging stations at airports and other such public areas. The warning was issued on suspicion that the charging stations could be infested with malware that will eventually get on their devices.
“It [malware] loads itself into the phone and can either monitor the phone in real time, sometimes download information from the phone, sometimes clone the phone completely and you don’t even have to be using it… Credit cards, passwords to banking accounts, your home address — all of that, if you’ve ever put it into the Internet anywhere could potentially be saved in your history in your phone,” Luke Sisak, Deputy District Attorney, said in a statement (News4Jax).
Using cables that are already connected to the charging stations is also risky. People unsuspectingly tend to use them without realizing that they could be put in place by a hacker. When it comes to USB ports, all a hacker has to do is to rip them open and replace them with their modified hardware. An average person would just see the port and plug in their device without a shred of suspicion.
“It’s easy to modify the outlet if the attacker has physical access… People want the convenience of charging their phones and tablets wherever they go… Obviously I would like it too, but there is a risk,” Vyas Sekar, a professor at CyLab, a security and privacy research institute at Carnegie Mellon University, said to The New York Times.
In August, an adapted iPhone Lightning cable called the “OMG cable” that enabled remote hacking of the connected devices was showcased at the DefCon cybersecurity conference. The cable comes equipped with a tiny implant that a skilled attacker in the vicinity can use to access the device. Though the cable is targeted at security experts, it shows how vulnerable people can be when it comes to securing their devices. The OMG cable is capable of accessing a device located up to 300 feet away.
The easiest way to protect your device from being hacked through USB charging stations and cables is by getting a USB charge-only adapter. “The data pins are disconnected in the dongle so it’s like a physical firewall. The downside (besides having another dongle) is that it will only offer you 1A charging — so no quick charge for you,” according to CoWorkaholic. These devices are also known as “USB condoms.”
People with Android devices can use charge-only cables that work in a similar way to the dongle. But make sure that the data pins of the cable are shorted. This ensures that no data connection to the device can ever be established through the cable, thereby keeping your data safe.
Another solution is to charge your device only from a portable battery. Keep the battery charged and take it wherever you go. This way, you will never have to plug your smartphone into a USB charging station. And in case such a situation does arise, first get the portable battery charged and then power up your phone by connecting it to the battery.
In some cases, the charging station might offer a standard AC power outlet together with USB charging ports. Use the power outlet in such scenarios. There is absolutely zero risk of data connection happening through the power outlet. This is true even when data is transmitted over the wiring. However, remember to only use your own charger.