The USB charging stations in airports often appear to be a welcome oasis in a desert, but you might want to think twice about using them. As it turns out, they aren’t exactly safe. Cybercriminals can easily modify these devices to install malware on your phone, or transmit other unwanted data. You run a similar risk by using any old USB stick that has been left unattended for a long time, or random accessories seemingly “forgotten” by other travelers.
According to the 2019 IBM X-Force Threat Intelligence Index, the transportation industry has become one of the main targets for cybercriminals, and the second-most attacked industry in the world. The index shows that since January 2018, a whopping 566 million records from the travel or transport industry have been leaked or compromised.
Caleb Barlow, vice president of X-Force Threat Intelligence at IBM Security, said, “Plugging into a public USB port is kind of like finding a toothbrush on the side of the road and deciding to stick it in your mouth. You have no idea where that thing has been. And remember that that USB port can pass data.”
Barlow explained that for cybercriminals, manipulating the charging cord system is rather easy. They don’t have to take apart the whole charging station, but can simply leave their charging cord behind. “Now,” he said, “if you see an Apple charging cord, you’re likely to grab it or just plug into it. But inside this cord is an extra chip that deploys the malware, so it charges your phone but now [the cybercriminal] owns your computer.”
Instead of using charging stations, he recommended bringing your own charger to the airport, or investing in a $10 Juice-Jack Defender, which attaches to the charging cord and prevents any data transmission.