It’s called "juice jacking," which may sound as innocuous as a toddler ripping the sippy cup out of a playmate’s hands, but this is very much a grownup problem, unless that kid is already using a cellphone.
Juice jacking is the devious practice by which bad guys hijack a public USB charging port and use it to steal information from your phone or tablet.
Those same ports you’re relieved to find when your electronic device is low on power have become a cause for worry.
This isn’t a new problem, experts say, but it has returned to the radar because the Los Angeles County District Attorney’s office recently warned unsuspecting users about "criminals [who] load malware onto charging stations or cables they leave plugged in at the stations so they may infect the phones and other electronic devices of unsuspecting users."
If this isn’t new, why is it an issue now? It’s not only because it’s the time of year when travel is up but also because many of us rely on those chargers to get us through long days of travel, said Ron Culler, senior director of technology and solutions at ADT CyberSecurity.
And here I was, Pollyannishly thinking those ports — in airports, on a plane, or in a coffee shop — were just good, old-fashioned human kindness, a port in a traveler’s storm.
It’s a storm, all right, but that port is no port. If it contains malware coupled with evil intent, it’s no lifeline, either. In fact, it can be a life-wrecker.
"Just as you wouldn’t plug an unfamiliar USB drive into your laptop, you shouldn’t plug your phone into an unfamiliar USB charger," Paul Bischoff, a privacy advocate with Comparitech, which offers security solutions and help, said in an email. "Our devices have fewer defenses against attacks from physically connected devices than [from] attacks from the internet. The malware can also be much more severe with physical access to hardware."
Consider how much business we do on our phones: We buy airline tickets on our favorite carrier, and because it’s easier, we leave our credit card information on the site so we don’t have to reenter it each time. We set up house payments using our bank’s bill-pay service. We buy a barbecue gas grill on a bus commute using the Wi-Fi on board and, again, leave credit card info on the site.
I am guilty of these things, and I am guilty of one more: charging my phone wherever I can find an open port. I vaguely recall doing that before a recent flight, and I never gave it another thought.
Because, I told myself after these interviews, is this really going to happen to me? I’ve been lucky so far, haven’t I, despite not practicing good cyber hygiene? I mean, other than the $5,000 in airline tickets someone charged to my card three years ago. And the notice from LifeLock, which monitors my accounts, that my information had appeared on the dark web. And there were the recent small-dollar deductions from my bank account that took me about a month to notice.
Those evildoers know you are "an easy target when you’re traveling," said Mike Borromeo, vice president of Stericycle, of which Shred-it, the document destroyer, is part. "You’re in a hurry; you just need a little power to get you through the flight."
The consequences of such a lapse may lead to co-opted identity, he said, and it can be "one of the worst things that can happen."
Imagine, he said, that you’re trying to buy a house or a car and your credit has been ruined. Or what if your bank account has been drained?
Further, said Culler of ADT Cybersecurity, you can’t always tell that something has happened to your phone. The longer the misuse goes unchecked, the greater the damage.
Besides avoiding those alluring charging points, you can thwart data thieves by using a regular plug in an outlet and your own charging cable, Culler said, or carrying a spare battery charger with you.