SAN FRANCISCO — I know the feeling: Your battery is low, but you have to keep tweeting. You see a USB port or an outlet in public, plug in your device and feel the sweet relief of your phone charging.
That comfort could be shattered by an invisible attacker collecting information while your phone is plugged in to a hacked outlet.
“Just by plugging your phone into a [compromised] power strip or charger, your device is now infected, and that compromises all your data,” Drew Paik of security firm Authentic8 explained. Authentic8 makes Silo, a secure browser that anonymizes web activity.
Public charging stations and wi-fi access points are found in places like airports, planes, conference centers and parks, so people can always have access to their phones and data. But connecting your phone to an unknown port has its risks.
The cord you use to charge your phone is also used to send data from your phone to other devices. For instance, when you plug your iPhone into your Mac with the charging cord, you can download photos from your phone to your computer.
If a port is compromised, there’s no limit to what information a hacker could take, Paik explained.
That includes your email, text messages, photos and contacts. It’s called “juice jacking,” a term coined by researchers back in 2011. Last year, the same researchers demonstrated “video jacking,” using hacked ports and your phone’s video display to record everything you type and look at.
And yet despite the risks, people do it all the time. Even at prominent security conferences.
This week at the RSA security conference in San Francisco, Authentic8 set up a charging station at its booth, offering cords for people to charge devices.
The company ran an informal social experiment to see how many people would use the public charging stations. Paik said an overwhelming number of attendees — about 80% — connected their phones without asking about the security.
“The majority are plugging in no problem. They are at a security conference and they should know better, but they probably feel safe,” he said. “The others are making fun of them. They just walk by and say, ‘Do people really do that?'”
You shouldn’t use public outlets — instead, invest in a portable USB battery pack. You can also buy USB cords that don’t have wires to transmit data and prevent anyone highjacking your phone’s information.
But, Paik said, it’s best to just rely on your own charger.
“If they’re concerned about security, don’t use public ports,” he said. “If they’re desperate and need to upload your selfie, take your chances.”