SK-CERT Recommends: Do Not Use Public USB Charging Stations

As part of the “SK-CERT recommends” series, we bring you recommendation on how to charge your devices on your journeys and what to avoid in order not to become a victim of a cyberattack.

The FBI Denver Department posted a warning on Twitter in April against charging the devices through public USB ports in airports, hotels, shopping centres and other public places. SK-CERT had already recommended in 2019 not using public USB ports.

The National Cyber Security Centre SK-CERT recommends not using public charging stations, which are now commonly available, for example, in airports, train stations or department stores. Today, these charging stations are proven to be a tool of attackers, allowing them to install malicious code on mobile devices (mobile phones, tablets and also laptops) or to access the data on the device. This attack is referred to as “juice jacking“.

You may have noticed that when you charge your device through your computer’s USB port, you are given the option to move data between devices. Under certain circumstances, it is possible to access your phone even without such confirmation. The risk increases dramatically if your device does not have the latest updates applied, which for many devices are no longer released by the manufacturer.

Compromised charging stations can be configured to install malware on devices. Just a short connection of your device to a compromised charging station can jeopardize all data on the device. But that’s not all. Unlimited access to your device allows attackers to remotely access online platforms you are logged into, saved passwords, Internet banking and so on.

The attack can be executed not only through the charging port, but even through a specially modified charging cable to extract data from a connected device or to infect the device with malicious code.

This risk can be managed in several ways:

  • Using own power adaptor from 110/230 V to USB enables fast charging and high security. It is advisable to have different adaptors that will fit the sockets in the countries you are travelling through.
  • There are products on the market (USB filters) that turn the USB cable into a charger only, i.e. when you use them, they only allow charging, and no other activities. This solution is good in terms of security, though it has one drawback. Such charging is very slow because the device cannot “negotiate” the correct power supply level with the charger. However, it is essential to have a USB filter from a trusted source, i.e. from a trusted manufacturer, because otherwise the USB filter itself can be an attacking device.
  • Another solution are power banks – portable batteries that allow charging via USB. These devices enable high charging speed. But the power bank is not a USB filter – if you connect it to both your device and a public USB charger at the same time, you may have a problem (about which is this whole article). The simple solution is not to charge the power bank from a foreign source while charging the mobile device.
  • Wireless charging can also be risky, so avoid public charging stations that offer this option.
  • If you do not have your own charging accessories (your own charger with cable, your own power bank), borrow such accessories from a person you really trust.

Do not rely on your devices’ software settings – they contain lots of exceptions and limitations that are easy to bypass and in reality they do not protect you very much. Therefore, SK-CERT recommends following only the above-mentioned measures.

« Späť na zoznam