From Juice Jacking to USB Condoms: The Weird World of Phone Charging Safety

by joeheg

Much to my wife’s dismay, I spend too much time watching videos on YouTube. I say that I’m watching for work, but it’s a way for me to unplug. In addition, it’s a massive time suck. I realize this, but I’m not going to stop.

Occasionally, I find videos that I can use for the website. Whether they inspire a post or serve as a reference, I feel this justifies my searches through the massive internet video archives (Note from Sharon: No it doesn’t).

Several months ago, I saw this short about public charging stations. Beware, the language in the video may be NSFW.

Why should you believe this video? It’s from Jason Thor Hall. Besides being an indie game designer, his prior career was in internet security. More accurately, he worked as a “good hacker,” stopping gamers from finding vulnerabilities for Bilzzard and, before that, finding exploits in systems for the Department of Energy.

So if he says that public charging stations can be used to hack your phone, I believe him.

In fact, “juice hacking” has been a known vulnerability for over a decade. It couldn’t be more obvious that plugging your phone into an unknown source might be a bad idea. However, that doesn’t mean I haven’t used a USB-A outlet in an airport lounge to charge my phone before a flight.

a power outlet on a table

And while the FCC devotes a webpage to how to avoid having your data stolen by a nefarious charging station, they also claim that while “juice jacking” has been demonstrated to be technically possible as a proof of concept, they are not aware of any confirmed instances of it occurring.

Wouldn’t it be great if all airports offered wireless charging, like the new Terminal C at MCO?

a black rectangular object with a circular holeFBI field offices are posting on Twitter (oops, X) about the risks free charging stations present to travelers.

So, while the risk may be low or even non-existent, Vox, who is skeptical about the risks, makes this point.

Or maybe you just aren’t comfortable with even the theoretical possibility that this could happen. After all, just because it doesn’t seem to have happened yet in the 12 years since it first came to the public’s attention doesn’t mean it never will. Markus says it’s relatively simple to create a seemingly legitimate charging station and place it in a high-traffic area where a lot of people are likely to be trying to charge their phones. Then, all a hacker would have to do is sit back and wait for victims.

There are risks, and if you’re inclined to be extra cautious, there are a few easy things you can do to protect yourself.

  • Don’t use a charging station: Obviously, but when your battery is running low and you won’t be able to get back to a trusted charger soon, that’s not a big help. So …
  • Bring an external battery with you. If you have your own supply, you won’t have to plug your phone in to charge it.
  • Don’t charge through a USB port: The USB ports are the threat here. Old-fashioned electrical sockets are secure. Bring your own cord that plugs into the wall for power without worry.
  • Use a charging cord you trust: Hackers have also figured out how to steal your data through certain USB charging cables, although this threat appears to be as theoretical as juice jacking. Still, if you’ve come this far and you’re this worried about insecure USBs, you might as well go all the way.
  • Buy a condom for your USB cord: Yes, these exist. They make it technologically impossible to transfer data, and they’re pretty small and easy to carry around. Just make sure you’re buying a known brand from a reputable place.

Final Thought

Have I ever charged my phone with a random USB outlet? Yes, I have. Did I feel unsafe doing so? Yes, I did.

Do I prefer to use a charging brick that can be plugged into a power outlet? Yes, I do.

So, while I prefer not to use a USB connection to charge my phone, I know that the risk of my data being stolen is minimal if I do. Am I putting too much trust into Apple or Google to protect me from hackers? Probably so. But it’s probably less risky than connecting to a public Wi-Fi without a VPN, which I’ve also done more often than I should have.

Want to comment on this post? Great! Read this first to help ensure it gets approved.

Want to sponsor a post, write something for Your Mileage May Vary, or put ads on our site? Click here for more info.

Like this post? Please share it! We have plenty more just like it and would love it if you decided to hang around and sign up to get emailed notifications of when we post.

Whether you’ve read our articles before or this is the first time you’re stopping by, we’re really glad you’re here and hope you come back to visit again!

This post first appeared on Your Mileage May Vary

Leave a Comment