Hackers can load malware into charging stations at place like airports and malls, allowing them to steal the data of unsuspecting users, experts warn.
“Low phone battery.”
It’s a notification that can inspire a sense of dread for anyone on the go without an outlet in sight.
And while free public charging stations have provided some relief in those situations, experts warn that powering up could give hackers a way into your personal information.
“Depending on the vulnerability they exploit, they would have access to everything you would have access to on your phone,” said cybersecurity expert Jim Stickley.
The practice, known as “juice jacking,” occurs when people plug in to “juice” up their phones and hackers use malware in the charging station or USB cable to “jack” their information, such as phone numbers and passwords.
The scam has prompted local authorities, including the Los Angeles County District Attorney’s Office, to alert the public to think twice about plugging in at places like airports or malls.
“You might have seen a public USB charging station at an airport or shopping center. But be warned, a free charge could end up draining your bank account,” Los Angeles County Deputy District Attorney Luke Sisak said in a video warning in November.
To find out just how easy it can be for a hacker to gain access to a charging phone, Stickley gave NBC News access to a simulation he set up along the Port of San Diego in Southern California. Through special hardware installed in a homemade charging station, Stickley was able to watch and record everything being shown on the screen of a connected phone.
NBC News correspondent Vicky Nguyen posed as the first victim.
“Now we get to the best part. She’s actually entering in her credit card number,” Stickley said as he watched Nguyen shop on Home Depot online.
In four hours, dozens of people stopped at the makeshift charging station to power up their phones. Some expressed shock when they were told it was a setup.
A woman who identified herself as Ruth gave NBC News permission to access her phone through the charging station and demonstrate the type of information being retrieved from her device. In a matter of seconds, her personal Facebook messages popped up on a separate monitor.
“It’s dangerous,” Ruth said.
Stickley said the response from people like Ruth is hardly uncommon.
“Most people assume their computers can be hacked,” he said. “Most people assume their phones can’t.”
Stickley said that among the most critical pieces of information a hacker could gather from one’s phone is a personal email, which can later be used to reset passwords.
“Having access to your email has become very valuable, because, if you think about it, every account you have requires access to your email,” he said. “Everybody’s login is your email, and that’s the problem.”
In its warning to consumers, the Los Angeles County District Attorney’s Office said it recommends using power outlets instead of USB power stations and buying portable chargers that can be used on the go.
To access your AWP EAP services, call 1-800-343-3822. Your EAP is here to help with family, work, health and legal issues. EAP Services are provided at no cost and are 100% confidential.
Alliance Work Partners is a professional service of Workers Assistance Program, Inc.
Copyright © 2020 Workers Assistance Program, Inc.