Why No One Should Use Airport USB Charging Stations – There’s plenty of time before your plane departs, and your smartphone is about to run out of battery. Well, lucky you! Good thing you can charge your phone on the go. But hold on, that Instagram selfie or an urgent email might cost you a lot!
IBM Security experts say that cyber criminals use USB ports in airports, train stations and other public places to steal personal data from your gadgets. They have no difficulty modifying USB ports by installing special software that steals the owner’s personal data, including bank information.
You might think that it’s a bit paranoid, but cyber criminals are becoming more active,and this is no joke. In 2019, transport became the second priority for cyber criminals, right after financial organizations. Can you imagine that? USB chargers might be traveller friendly and installed in public places for their convenience, but they’re not necessarily safe.
Caleb Barlow, Vice President of X-Force Threat Intelligence at IBM Security, says that traveller shave always been vulnerable. Centuries ago they were attacked by pirates, but nowadays most of the thefts happen on a digital level. The thing is that smartphones receive data through the same USB port that they charge from.
In 2016, Kaspersky laboratory staff learned to install external software and viruses on smartphones using USB cables. The whole procedure only took them 3 minutes! Sure, the cyber security guru used their discovery to develop an antidote, but the ones after your info won’t be so noble. When you plug the cable into a compromised outlet, you’ll connect your smartphone or tablet to an external drive that launches the process of copying your data or installing a virus on it.
They’ll get access to all your personal information in no time. That includes your bank account, e-mail, text messages, photos and contacts. This technology is known as juice jacking. Another way they use to steal your data is called video-jacking, which is also based on using a modified USB port.
All the activity on the smartphone screen is recorded on video and allows the thieves to see what you type and what kind of info you look through. Sometimes they don’t even bother to do anything to the port itself, they just leave a cable plugged in there. Barlow says that a bad guy probably wouldn’t take the USB port apart in front of everybody.
But he could just plug in his special cable there and wait at home in front of his laptop. A man passing by might see the cable, which matches his device, and just start charging it. And this is when the software crawls into your tablet or smartphone and copies something you’d rather keep private.
Barlow compares using USB chargers left in public places to brushing your teeth with a toothbrush that you’ve found on the road. You don’t have the slightest idea who’s used it, and what for, before you. Is there any reason for the owners of the latest android and iPhones to worry? The best brains in the world are working on their security, after all!
After smartphone producers learned about juice-jacking, they did add extra safety measures to their devices. Now iOS and Android ask for your approval to get connected to an external device. But if you’re prone to agree to anything your smartphone offers without looking, that won’t be much help. There’re other risks too.
If you’ve got an Android with an older operating system, or the USB debugging mode is switched off, it’ll be no problem to pass a virus onto it. There’s a function on the latest Apple devices called USB Restricted Mode – it’s an innovative defense mechanism, which prohibits data exchange during charging through a USB port.
Android models face greater risks, though they’re also packed with their own software,which bans unapproved access to your data. If you’re using a device with the latest version of operational system, in theory, there shouldn’t be much danger. But still, if you need to charge it urgently in a public place, don’t use a public USB port.
You’ll never know what cyber criminals will come up with next! So if the only way to have guaranteed protection from fraud is to avoid using USB chargers in public places, what can you do if your smartphone has a low battery? Well, bring a common charger and plug it in a common outlet. This is less convenient, since there aren’t as many of them in airports, but it’s definitely safe.
Another option is to charge a power bank through a USB port and then charge your smartphone with it. If that’s still not enough, you could buy a special USB cable, which lets you charge the device, but doesn’t allow the exchange of data. You can also follow suit with the White House and buy a special mobile security gadget for less than $30.
It’s called a Juice-Jack defender and will protect you from identity theft and malware while charging. There’s also a completely different kind of danger when it comes to charging your smartphone through a USB cable: the device can simply burn out from voltage swell. The construction of an outlet in a public place is very simple: it’s a plug directly connected to wires.
If it’s having issues, and is connected to your smartphone, it can destroy it. And yet, despite the huge risks, even people who should know better get careless. At an RSA conference in San Francisco, which is devoted to cyber security, one of the companies put a charging station at their stand and offered USB cables to the participants.
They did this to see how many people would use public chargers. The result was 80%. And none of them asked about security measures. They probably felt safe because they were at a cyber security conference, but now you know that you should always keep an eye out. An even crazier thing happened at DefCon.
Dozens of experts on information security fell into a trap themselves. They started charging their devices from a free charge station. They all eventuelly got the message not to plug in their personal gadgets to some dubious boxes. Especially at this particular conference! What about you? Do you charge your gadgets using public USB spots? Did you ever think that they could be unsafe? Before you run to charge the power bank, here’s some more advice on how to protect your security.
– Install multi-layered control to all of your online bills.
– Create 12-symbol passwords. It shouldn’t be your mother’s maiden name, the last 4 numbers of your passport number, your birthday or your address. These are the easiest passwords to crack for people with bad intentions.
– Don’t use the same log in and password for all of your accounts.
– Change passwords every 6 months.
– And don’t share the details of every single step you make on social media. Remember that in doing so, you make it easier for actual thieves to trace your route and rob your house while you’re on a business trip or vacation. It’s just like you’re leaving the door unlocked to let them in! Each time you sit in the airport and feel like sharing with your friends that you’re going somewhere, think twice. What picture are you going to show, and how could it harm you?
– Don’t ever show your boarding pass on social media.
At first glance it looks like the only information you can get from it is a passenger name and the booking reference. But someone will be able to get access to your personal info on the airline’s site, where passport data, e-mail and your loyalty program number are kept. With this info, they could cancel your return ticket, and your vacation will be ruined.
Your personal data could also be used to make a false credit request. If you still don’t feel like the vacation has started until you take a traditional picture of your passport with a boarding pass, delete the ticket number, booking reference and any data about your flight from the picture before posting it.
The same rule applies for bar codes, which can be used with bad intentions too. My rule of thumb: Imagine Charlie the cyber-criminal is looking over your shoulder, ready to pounce on any morsel you drop. Your goal: Starve Charlie.