You often hear advice from tech experts not to use public WiFi and USB power charging stations in airports, hotels and other public locations. This is because there is always a risk and fear that someone might hack into your phone using malware. If you are a frequent traveler, not using public charging stations could prove an inconvenience. You can, however, easily overcome this issue by using a USB condom or USB data blocker.
Public USB chargers: why you should avoid them
USB connections are designed in a way that it works for transferring both data and power. Moreover, there is no formidable barrier between the two as well. With the growing popularity of smartphones, hackers have devised more ways to enter into your smartphone, and USB power charging is one of those.
So, a user using a public USB power charging station might think that they are only transferring electrical power. In reality, it could happen that the USB charger is transferring secret data payloads to a hacker remotely. Such types of attacks are commonly known as “juice jacking.”
Over the years, there have been several evidences (not real world) of such types of malware, including Mactans. It was a malicious USB wall charger with the ability to deploy malware on iOS devices, and was presented at the 2013 Black Hat security conference.
Then in 2016, security researcher Samy Kamkar introduced KeySweeper, which was an Arduino-based device dressed as a functioning USB wall charger. This device had the ability to wirelessly snoop logs and reports, as well as report keystrokes from all nearby Microsoft wireless keyboards.
In 2016, another team of researchers came up with a proof-of-concept malicious USB wall charger. This wall charger had the ability to record and mirror the screen of the device plugged into the charger.
After Kamkar’s presentation, the FBI issued a nation-wide alert against the use of USB chargers. The agency also asked the companies to ensure that they had no such devices in use.
How hackers exploit USB wall chargers
Hackers can exploit USB wall chargers in several ways. The most common is via “pluggable” USB wall chargers. Basically, these are portable devices that can be plugged into the AC socket. Another trick that hackers use is infecting the power charging stations installed in public places.
One more way that hackers use is leaving behind USB cables in public places. Such USB cables usually attract those who have forgotten their own chargers. The microcontrollers and electronic parts have nowadays become so small that hackers can easily hide them in a USB cable itself.
OMG! 2 months + 8 devs + O•MG Cable = malicious wireless implant update!
This update brought to you by the chaos workshop elves: @d3d0c3d, @pry0cc, @clevernyyyy, @JoelSernaMoreno, @evanbooth, @noncetonic, @cnlohr, @RoganDawes
More info: https://t.co/kkhUppsqiC#OMGCable pic.twitter.com/fIzOaKJSxL
— _MG_ (@_MG_) 12 April 2019
“Travelers should avoid using public USB power charging stations in airports, hotels and other locations because they may contain dangerous malware…. The malware may lock the device or export data and passwords directly to the scammer,” Los Angeles County District Attorney’s Office said in an advisory issued recently.
Use USB condom while traveling
There have been no real world cases of “juice jacking” beyond the experimental work. Yet, it is always better to take precautions to protect your data.
The most effective way to protect your device against such attacks is not to use public USB chargers. You can always carry a powerbank with you. However, if you feel you can’t live without charging your phone in public areas and you can’t carry a powerbank as well, then the best and the most economical solution is to use a USB condom.
A USB condom is a little gadget that you can use to prevent any unknown attack on your device while it is charging at a public place. All you have to do is connect this USB condom to your device.
If you feel the term USB “condom” is a bit out of context, you can also call it a USB data blocker. You can buy these devices for under $10, and it will allow you to use public USB chargers without any worry. For instance, the PortaPow 3rd-gen USB data blocker will cost you just $7, while another such device is SyncStop. This is a small price to pay for peace of mind.
Basically, these devices stop all data transfers by removing the connection. You can use a USB data blocker with any USB device, and not just with your phone. It cuts the access to the pins that are used for transferring data, while the pins to receive power are left open. This means your device won’t be able to transfer even a single bit of data when it’s connected.
It is an effective solution to all your fears of using a public USB charger. Other ways to prevent against juice jacking is to use AC power outlets and not a USB charging station. Also, you could carry AC and car chargers with you when you are traveling.
