- The Los Angeles County District Attorney’s Office has warned against using USB charging ports in public places such as hotels and airports.
- The warning says that these ports may be used as a medium to distribute malware to infect user devices.
What is the matter?
The Los Angeles District Attorney has advised travelers to refrain from using public USB charging ports because they may contain malware. Known as ‘juice jacking’, the USB charger scam involves criminals injecting malware in charging cables or stations they leave plugged in at public USB ports.
“The malware may lock the device or export data and passwords directly to the scammer,” reads the warning.
The history of juice jacking
USB chargers are said to be originally designed to transfer data as well as power. Attackers exploit this to load malware to devices when the victim believes that only electrical power is being transferred.
Over the years, many proof-of-concept exploits have been presented by researchers
- In the Black Hat 2013 security conference, a malicious USB wall charger that could deploy malware on iOS devices was presented. This proof-of-concept malicious charger was named Mactans.
- Another proof-of-concept involves an Arduino-based device called KeySweeper that pretends to be a USB wall charger. It can sniff, decrypt, and log keystrokes from any Microsoft wireless keyboard in the vicinity.
There are several other ways to exploit a legitimate USB device to launch cyberattacks.
Protecting devices from the USB charger scam
LA officials provide the following recommendations.
- Instead of a USB charging station, use an AC power outlet.
- Carry AC and car chargers for devices when traveling.
- Consider investing in a portable charger for emergencies.
Apart from these, you can also invest in a USB cable that allows only power transmission and not data transmission.