Honolulu Star-Advertiser

Friday, December 13, 2024 76° Today's Paper


Travel

Free, innocent-looking USB charging ports could rob you blind

ASSOCIATED PRESS
                                Juice jacking is the devious practice by which bad guys hijack a public USB charging port and use it to steal information from your phone or tablet.

ASSOCIATED PRESS

Juice jacking is the devious practice by which bad guys hijack a public USB charging port and use it to steal information from your phone or tablet.

It’s called “juice jacking,” which may sound as innocuous as a toddler ripping the sippy cup out of a playmate’s hands, but this is very much a grown-up problem, unless your kid is already using a cellphone.

Juice jacking is the devious practice by which bad guys hijack a public USB charging port and use it to steal information from your phone or tablet.

Those same ports you’re relieved to find when your electronic device is low on power have become a cause for worry.

This isn’t a new problem, experts say, but it has returned to the radar because the Los Angeles County District Attorney’s office recently warned unsuspecting users about “criminals (who) load malware onto charging stations or cables they leave plugged in at the stations so they may infect the phones and other electronic devices of unsuspecting users.”

If this isn’t new, why is it an issue now? It’s not only because it’s the time of year when travel is up but also because many of us rely on those chargers to get us through long days of travel, said Ron Culler, senior director of technology and solutions at ADT CyberSecurity. (Disclosure: I am a longtime ADT home-security customer.)

And here I was, Pollyannishly (yes, that’s a word) thinking those ports, in airports, on a plane or in a coffee shop, were just good, old-fashioned human kindness, a port in a traveler’s storm.

It’s a storm, all right, but that port is no port. If it contains malware coupled with evil intent, it’s no lifeline either. In fact, it can be a life wrecker.

“Just as you wouldn’t plug an unfamiliar USB drive into your laptop, you shouldn’t plug your phone into an unfamiliar USB charger,” Paul Bischoff, a privacy advocate with Comparitech, which offers security solutions and help, said in an email. “Our devices have fewer defenses against attacks from physically connected devices than (from) attacks from the internet. The malware can also be much more severe with physical access to hardware.”

Are these guys trying to scare us? After talking with both, I don’t think so.

Consider how much business we do on our phones: We buy airline tickets on our favorite carrier, and because it’s easier, we leave our credit card information on the site so we don’t have to reenter it each time. We set up house payments using our bank’s bill-pay service. We buy a barbecue gas grill on a bus commute using the Wi-Fi on board and, again, leave credit card info on the site.

I am guilty of these things, and I am guilty of one more: charging my phone wherever I can find an open port. I vaguely recall doing that before a recent flight, and I never gave it another thought.

Because, I told myself after these interviews, is this really going to happen to me? I’ve been lucky so far, haven’t I, despite not practicing good cyber hygiene? I mean, other than the $5,000 in airline tickets someone charged to my card three years ago. And the notice from LifeLock, which monitors my accounts, that my information had appeared on the dark web. And there were the recent small-dollar deductions from my bank account that took me about a month to notice.

Those evildoers know you are “an easy target when you’re traveling,” said Mike Borromeo, vice president of Stericycle, of which Shred-it, the document destroyer, is part. “You’re in a hurry; you just need a little power to get you through the flight.”

The consequences of such a lapse may lead to co-opted identity, he said, and it can be “one of the worst things that can happen.” Imagine, he said, that you’re trying to buy a house or a car and your credit has been ruined. Or what if your bank account has been drained?

Further, said Culler of ADT Cybersecurity, you can’t always tell that something has happened to your phone. The longer the misuse goes unchecked, the greater the damage.

Besides avoiding those alluring charging points, you can thwart data thieves by using a regular plug in an outlet and your own charging cable, Culler said, or carrying a spare battery charger with you. (Do that anyway just in case your flight is delayed or you left your map app open and it sucked the life from your phone.)

Keeping yourself safe from those who would harm you? You’ve got the power.

By participating in online discussions you acknowledge that you have agreed to the Terms of Service. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. If your comments are inappropriate, you may be banned from posting. Report comments if you believe they do not follow our guidelines. Having trouble with comments? Learn more here.