FBI warns against using public charging stations due to malware and 'juice jacking' risk

The FBI has warned against the use of public charging points for electronic devices, saying they can be a gateway for cyber criminals.

Public charging stations heightens the risk of bad actors installing malware and gaining access to devices, the top US law enforcement agency's Denver department said on Twitter.

“Avoid using free charging stations in airports, hotels or shopping centres. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software on to devices,” the FBI said.

“Carry your own charger and USB cord and use an electrical outlet instead.”

Charging stations have become ubiquitous in public spaces, including malls, hotels, restaurants and parks, providing users a convenient way to power up their devices.

However, the practice has paved the way for what is called “juice jacking”, which simply means using a USB connection to compromise a device.

Aside from bringing personal charging equipment, it is also advised to plan ahead and charge devices before stepping out to prevent any cyber risk that may result from using public charging points.

Malware — a programme typically designed to disrupt or gain unauthorised access into a system — constitutes one of the biggest threats in the IT industry.

It is part of the wider cyber crime sector projected to cause global financial damage of about $10.5 trillion by 2025, according to data from Cybersecurity Ventures.

Globally, about 5.5 billion malware attacks took place in 2022, an increase of 2 per cent from 2021 and nearly half the 10.5 billion peak recorded in 2018, data from Statista shows.

Cyber attacks can cause reputational and financial damage to users. The global average cost for a data breach in 2022 was $4.35 million, up from $4.24 million the previous year, according to the latest edition of IBM's Cost of a Data Breach report.

The FBI has similar guidance on its website, covering a variety of topics on internet safety, including warning against conducting sensitive transactions on a public Wi-Fi network.

“Every day tasks — opening an email attachment, following a link in a text message, making an online purchase — can open you up to online criminals who want to harm your systems or steal from you,” the FBI said.

“Preventing internet-enabled crimes and cyber intrusions requires each of us to be aware and on guard.”

It is not clear if the FBI warning is prompted by any specific case, but US authorities have warned about “juice jacking” in the past.

Most recently, the Federal Communications Commission also warned that cyber criminals can gain access to online accounts and even sell them in the dark web through “juice jacking”.

“Cyber security experts have warned that criminals can load malware on to public USB charging stations to maliciously access electronic devices while they are being charged,” the FCC said.

“Malware installed through a dirty USB port can lock a device or export personal data and passwords directly to the perpetrator.”

The Los Angeles County District Attorney’s Office in November 2019 had also cautioned travellers about USB charger scams.