Public USB Wall Chargers May Infect Your Devices With Malware, Experts Warn

Travelers may find the public USB charging stations convenient as they can power their devices anywhere they go. However, recently, the Los Angeles District Attorney warns that these stations may contain malware that can infect your devices if you plug them in.

The infection is possible because the USB connections can work as both a power and a data transfer medium. As handled devices like tablets and smartphones becoming more popular in the past few years, bad actors discover that many users still think when they plug their devices in, the only thing that comes through is power. Exploiting this weakness, they can send secret data payloads without users’ noticing.

This type of attack is actually very common, and it has its own name, called “juice jacking.”

Over the years, many proofs-of-concept were made. One of them is Mactans, introduced at 2013’s Black Hat security conference. It is a USB wall charger that can infect iOS devices with malware.

The concept was developed further by Samy Kamkar, a security researcher three years later, and became KeySweeper, a device based on Arduino which appears as a USB wall charger that can decrypt, record and send all keystrokes from any Microsoft wireless keyboards in the vicinity back via GSM.

As Kamkar introduced his device, the FBI issues an alert advising any organization or company with such chargers to review them all.

Also in 2016, a separate team of researchers unveiled a proof-of-concept USB wall charger, which can record and mirror the screen of any device plugging in it. This method is now known as “video jacking.”

Since there are several ways the attackers can exploit the innocent-looking USB wall charger, the LA District Attorney includes various attack vectors in their warning.

One of the most common ways for attackers is to “accidentally” leave some portable USB charging devices on AC sockets in public places. Criminals can also load malware to the public charging stations so frequent travelers should always be cautious avoiding the USB wall charger and go for the AC charging ports.

While the warning does not mention USB cables found in public places, they can also be infected with malware. Electronic parts and microcontrollers are so tiny these days they can easily be inside charging cables. The O.MG Cable is the perfect example proving that a benign cable can hide unexpected harms.

Here are what users should do to avoid falling victims of these attacking attempts:

• Avoid USB charging stations in public places, use the AC power outlets instead.
• When you travel, bring a car or AC chargers with you.
• Purchasing a portable charger is advisable to keep you safe.

These measures should work in protecting users against attacking attempts. However, there are other options you can consider. One of them is the USB "no-data transfer" cables with the USB pins for transferring data removed. Since they have only the power transfer circuit in place, no data can go through and into your smartphones. They are available on Amazon and many other accessory stores.

Another method is to use a USB condom, which serves as the intermediary between users’ devices and the public USB charger.

The names of the two devices are Juice-Jack Defender and SyncStop (the former name is USB Condom). Other options with similar functions are also available to purchase.