A few weeks ago, the Transportation Security Administration issued two security warnings to airport travelers. First, avoid the use of airport USB chargers. Second: It warned against using free public Wi-Fi at the airport. What’s the story behind these warnings?
With regard to the first warning, this is actually an echo of an alert issued a couple of years ago by the FBI and the Federal Communications Commission. That notice claimed that “bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.” At the time, the FBI and the FCC recommended folks use their own chargers and electrical outlets in case a charge-up was needed.
This type of hacking has come to be known as “juice jacking.” The only issue is, while theoretically possible, there have been no credible reports of juice jacking actually occurring in the real world. Zero, zip, zilch, nada. Not in airports nor in other public spaces where USB chargers are available, such as hotels or coffee shops.
In addition to the actual software aspect of hacking, juice jacking requires a physical intrusion as well. That is, someone has to tap into the wires behind the wall and install a device that helps them get into your device. So not only would bad actors need technical skills, they would need traditional thievery skills such as breaking and entering, not to mention tampering.
And on top of all this, most contemporary devices are equipped with security features to warn users when they plug into strange ports.
So while TSA might be a bit too cautious with the juice jacking warnings, the second warning is definitely spot on. From the bad actors’ standpoint, why go through all the trouble it takes for juice jacking when you can just steal stuff out of thin air?
For years now, cybersecurity experts have warned against public Wi-Fi, not just in airports but basically everywhere. The security of even reputable hotspots can often be easily compromised by bad actors. The TSA warning specifically cautions against making online purchases. But it’s more than that. Other than the most benign use of your device, such as viewing public websites, you really should not do anything over public Wi-Fi.
If you really must conduct sensitive business in a public space, consider using your mobile phone carrier’s own cellular data service. Sure, you’ll use more data in your plan, but that’s a small price to pay to avoid the consequences of your device getting hacked. If you’re using a tablet or laptop that doesn’t have cell capabilities, most folks can use their cellphone as a hotspot.
Alternatively, a VPN can be used. But VPN’s are a topic for another column.
John Agsalud is an information technology expert with more than 25 years of IT experience in Hawaii and around the world. He can be reached at jagsalud@live.com.
