The scenario is the same, you are out of the house and find your phone is at 4% of battery life remaining. What to do? Then in the distance that “technology oasis” with a free charging station! Just plug in with the provided (or your own) USB cable and hook up your device for a free charge.

Guess what, that free charge could be costing you a lot more in the future. Hackers (“bad actors”) too have found this oasis to be a good opportunity, not to charge their device, but to easily attack unsuspecting people. Just like when you use your computer to charge your device, the computer does more than supply power to the device, it opens a channel for the device and your computer to share data. Normally, when you do this, it is planned and on your trusted machine, but what if you didn’t know? Like at a charging station? Yup, you are right, your device is vulnerable to possibly a straight copy of all data, or copying information that you may be sending in you apps, while you use the device while it charges (it is called “Juice Jacking” read more about it here ) that can be gotten before you disconnect (imagine how much data can be downloaded in 30 minutes while you get a quick charge…) or maybe worse a “side loading” of a corrupt application to do more malicious damage and steal account information.

Would it be worth the “Free Charge”? I bet the answer is a resounding “NO!”

If you are in a scenario like this in the future, I recommend you always use your regular charger and an available wall outlet (kept in your view of course) and not the free charging stations.
Also, as an indicator of how easy it is to implement, this is a company that makes these types of devices for “Red team” use in penetration testing a network (Red team are the “attackers and “Blue team” are the defenders when conducting a penetration test for someone). But as you can see it is available for ANYONE to buy. So, in the wrong hands…. well, you know what could happen. So, if you travel and want to ensure your safe if you need to use one of the many “free charging” stations, I recommend getting a USB passthrough device (sometimes call a USB condom) to ensure no data is exchanged ( these devices are good and I have them in my computer bag, just in case. Now, you may be saying, but Rob, I forgot my plugin charger and I don’t have a USB condom, what do I do?? Well in that case, I say, plug into the charging station, ONLY AFTER you turn the device OFF (and leave it off while it charges). This way, only the charge will get to your device and no data will leave!

Newsletter by:  Rob Collings, ISHPI’s VP of Cybersecurity | CISO

April 6, 2023