Agents of the FBI have made a shocking warning that public charging stations with USB ports could end up being used to download malware packages onto the devices of any unsuspecting users.
Groups of malicious actors can make use of these USB ports, which are often available in areas such as public transit and airports for travelers that have devices running low on charge, as mechanisms to install malware onto the unsuspecting users' computers or devices, thereby permitting criminals access to transactions or passwords.
"Avoid using free charging stations in airports, hotels or shopping centers," explained the Denver FBI field office via a warning posted to social media this past week. "Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead."
Government officials have been warning against the use of any public charging stations for many years. The Federal Communications Commission has previously spoken out that the process of "juice jacking" can take place via these USB ports; software utilized by criminals can then "lock a device or export personal data and passwords directly to the perpetrator," using the information to gain access to "online accounts or sell it to other bad actors."
It has been found that fraudsters will hand out infected cables as promotional gifts or leave their cables hanging from USB outlets. The Federal Communications Commission has issued the recommendation that travelers make use of AC power outlets, avoid all USB outlets, and bring their own cables and equipment or external batteries with them. The use of Charging-only cables -- which only allow power and not data to pass -- can also be bought and utilized if obtained from trusted suppliers.
Groups of analysts out of the Institute of Technical Education and Research in India have also elected to release a paper explaining that the use of an external power bank is "the best approach to avoid juice jacking attacks." On the group's website, Security Research Labs explained that benign devices can possibly "turn malicious" due to a juice jacking and wind up infecting other USB devices.
"No effective defenses from USB attacks are known. Malware scanners cannot access the firmware running on USB devices," commented the cybersecurity consulting firm. "Behavioral detection is difficult since behavior of an infected device may look as though a user has simply plugged in a new device. Blocking or allowing specific USB device classes and device IDs is possible, however generic lists can easily be bypassed."
This idea of juice jacking does not seem to be all that particularly prevalent despite the warnings from multiple agencies.