Actually, Charging Your Phone in a Public USB Port Is Fine
Reading Time: 5 minutesRelax! Those Reports of Dangerous Public Phone Charging Stations Are Bogus., Here’s how the FBI, the FCC, and hundreds of news organizations got this one wrong., Free public phone chargers: The FBI’s warning is bogus. And juice jacking does not appear to b
Over the past week, hundreds of articles have been written warning the public not to charge cellphones at airport or hotel USB ports. Most of the news items cite a recent tweet from the FBI, which includes the menacing detail that ‘bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.’
‘FBI warns against using public phone charging stations,’ CNBC wrote on Monday. ‘FBI says public phone chargers may put your data at risk: What to know,’ the Washington Post wrote on Tuesday. As of Wednesday afternoon, CNN and Good Morning America were dominating Google News’ business headlines with their coverage of the threat, which many referred to as ‘juice jacking.’
For those of us who tend to find ourselves holding a phone that’s about to die in a situation that urgently requires keeping it on, this was terrifying news. As it turns out, though, not only is the scam not increasing, there’s little evidence that it has ever posed a real threat to the general public. And what actually did happen, I found after contacting multiple government agencies, is this: On April 6, someone in the FBI’s field office in Denver decided to resurface an old warning about juice jacking that the Federal Communications Commission had in fact posted to its site—in 2019.
‘It was a standard PSA-type post—nothing new,’ Vikki Migoya, an FBI spokesperson in Denver, told me in an email.
Because it’s the FBI, hundreds of news outlets and content creators took it seriously and acted as if something new had happened, though an FCC spokesperson assured me that it hadn’t and said that the agency was surprised by the newfound attention to the issue. Still, because the FCC was suddenly getting so many inquiries about the topic, it decided to update its original tips page and put out multiple tweets about the scam on April 11, which further reinforced the false idea that authorities had just uncovered some sort of malicious juice-jacking ring.
Ultimately what the whole scenario offers is not a warning to avoid public charging stations, but a reminder that verified social media accounts from government agencies are uniquely equipped to create unfounded mass hysteria.
I first began to suspect that this story was a hyped-up mess when I went looking for a concrete example of someone who had been ‘juice jacked.’ On TikTok I found reports that ‘all citizens’ should be aware of the scam, which ‘had been increasing.’ Buffalo-based country-radio station 106.5 WYRK also implied that it was a particularly serious local issue, warning,’DO NOT Use Public USB Chargers in New York State.’ But on social media, the only first-person accounts of getting #juicejacked I could find involved a vegan and a fighter getting ‘jacked up’ on actual juice and someone who ‘can not confirm 100%’ but had noticed ‘odd behavior.’
Why couldn’t I find any actual people charged with or victimized by juice jacking, I asked Andy Thompson, an ‘offensive cybersecurity evangelist’ at CyberArk, an information security company.
‘Because it doesn’t exist,’ he explained. Zulfikar Ramzan, the chief scientist at the consumer cybersecurity company Aura, agreed, ‘There isn’t much evidence to show that ‘juice jacking’ is a widespread problem,’ he said. To be clear, ‘From a proof of concept perspective it works,’ Thompson told me. Cybersecurity analysts have known about this hypothetical threat since 2011, he said, when it made headlines at DefCon, the annual hacker convention in Las Vegas. It is possible, as the FCC site suggests, that ‘malware installed through a corrupted USB port can lock a device or export personal data and passwords directly to the perpetrator.’ Criminals can then, in theory, steal valuable passwords or other private data or install spyware. But it’s really only considered to be a desirable attack method for hackers, he said, if they are targeting a particular individual, like a high-level executive, government official, a political dissident, or an investigative journalist. In that case, Thompson said, it’s more common to replace a cable in that person’s office or other space that they will definitely use, he said, rather than sabotaging a public port. It also helps that new Androids and iPhones ask users whether they want to share their data or charge only when they plug into a USB port that is set up—transparently or covertly—to capture data.
So how did we get to this week’s new cycle? Asked if there was a particular incident or series of incidents that prompted the tweet, the FBI spokesperson in Denver apologized. ‘I am sorry I can’t give you an answer that is more newsy,’ she wrote. Rather, ‘it stemmed from this FCC warning‘ she said, linking the 2019 statement. The reason the FBI social media person shared it is because the agency ‘regularly provides reminders and public service announcements in conjunction with our partners,’ she wrote.
In other words, it seems that the FBI, like every many other entities in America, feels the need to put out content and turns to old stuff when nothing new is going on (hey, MediaDownloader’s been there). But instead of taking the approach of many news organizations, which highlight the date when they resurface old content, the FBI took more of a meme-account approach. Not only was there no date to suggest this was an old warning, it didn’t even bother to link out the FCC, where the information came from.
Many news outlets, eager to build out a story about the FBI tweet, managed to find the FCC statement on their own. (Or perhaps the FBI sent it to them in response to a request for comment.) But rather than undermine the story, it served to bolster it. Not only the FBI but also the FCC were warning about this! Now this scam must be really ‘scary!’ as the New York Post reported.
An FCC spokesman said that the agency put out the original 2019 tip page in response to actual consumer complaints, but could not offer any additional details about those communications and said the agency had no reason to believe the scam had increased in recent years. Among details the FCC page includes is this: ‘There have even been reports of infected cables being given away as promotional gifts.’ The spokesperson was not familiar with these reports, but directed me to a 2019 New York Times article and statement from the L.A. County DA’s office about the scam. As it turns out, the New York Times article did not include any actual victims either. And when TechCrunch followed up with the L.A. County DA in 2019, it found that it has ‘no cases’ of juice jacking on its books, though the DA’s office said there are known cases on the East Coast, but could not elaborate on them.
All of this is to say, make sure you have a fully charged portable charger with you at all times. Buy a USB ‘condom’—as many call hacker-prevention devices—and consider bringing a cord that can be plugged into an actual electrical outlet. But if you can’t, because you are a normal human and your phone is dying, just know that it will probably be OK if you use a public USB port.
Ref: slate
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG