CHICAGO (NewsNation) — Charging phones at kiosks in places like airports, malls and even hotels may seem like a good idea when you are in a pinch, but new warnings from the Federal Bureau of Investigation are suggesting it might not be.
Chances are you’ve used them, but not everyone realizes that each time you use a public USB port or a charging kiosk to charge your phones, you may be putting yourself at serious risk of being hacked.
Earlier this month, the FBI’s Denver field office warned that plugging into one of these public chargers could give hackers unwanted access to your device, gaining access to your personal information – even your credit card numbers and photos. It also gives hackers the opportunity to load malware and spyware onto your devices — a practice known as “juice jacking.“
Hackers have been using these ports for years, uploading malware and monitoring software to the devices of unsuspecting people every day. While not every charging kiosk or public USB port is a threat, it’s best to proceed with caution.
Charles Marino, the founder and CEO of Sentinel Security Solutions, explained that malware and spyware can do everything from locking your phone to downloading sensitive information, like photos, usernames, passwords and credit card information that may be stored in your electronic wallet.
“The phone is much more than a phone now. It’s basically our token to the digital world, so you do want to take great care with it,” Bob Sullivan, an independent journalist, said.
Unlike some scams, “juice jacking” victims may not even know they’ve been hacked right away. That’s because hackers have to go back to the scene of the crime to get whatever information they’ve taken off the phones.
Marino said most of these hackers are usually with organized local groups that may or may not have a background in cyber but have learned how to exploit phones in this way.
“They don’t use this data immediately,” Max Schroeder, chief technology officer and head of cyber security at Aqueity, Inc., said. “They don’t go directly into your bank account and start siphoning its funds. This can take days, weeks, even months for it to occur.”
While it is pretty easy to avoid getting hacked this way because you have to physically plug into a hacked USB port to fall victim, the Federal Communications Commission listed four easy tips to follow to keep your phone from getting “juice jacked.”
- Use traditional power outlets instead of public USB ports or charging stations.
- Bring your own chargers that plug into power outlets and your own USB cables.
- Use a portable charger or external battery.
- Use charging-only cables, which keep data from being sent to or received by your devices while charging.
Marino said while the FBI and FCC haven’t cited any specific incidents where “juice jacking” happened, there is the capability it could happen.
“I say, ‘Where there’s a will, there’s a way’ and if there’s a way, you can guarantee criminals are going to try and exploit it, especially when it comes to technology,” Marino said.
The FCC warned that “juice jacking” isn’t the only way scammers can hack your phone, urging folks to use caution before accessing Bluetooth connections and public Wi-Fi networks.
The FBI also urged Americans to use strong and unique passwords for all of their online accounts — especially ones connected to bank accounts or credit cards — and to change those passwords often.