Public USB Charging Ports & Their Potential Security Risks

How many times have we found ourselves with a nearly depleted mobile device and no charger cable? Despite the array of adapters and cables that are available, on occasion we are found without our charge cable and a nearly dead phone or tablet battery. Increasingly, public locations are providing native USB convenience charging stations for the modern day smart device. It’s a common oversight to plug our devices into these public charging outlets without considering the risks in doing so.

What have you done??

Honestly, odds are, you’re simply charging your phone as expected. But the truth is you just don’t know. This is due to the nature of the USB interface and the fact that it has the capability to transmit both power and data.

Charging ports that seem innocent enough can be a hot bed of disaster waiting to happen. By exploiting the USB data connection to your device, malware can easily be transferred onto your device revealing critical information to a malicious actor. You would likely never even know.

That charging device might not have even been placed by the establishment that you assume has placed it. A bad actor could simply drop the device in a public area waiting for the unassuming person to walk by and plug in their device.

The reality is that most charging ports are legitimate and pose no real threat, but you also never know for sure.

Here are some suggestions to keep yourself safe while using a public charging station:

• Do Not plug your device’s USB cable into an untrusted USB port, such as those commonly found on public charging stations.
• Always carry your own charging cable and wall adapter with you.
• If you use a public station, practice situational awareness and assess the threat level of interfacing with the charging station.
• When you plug your device in, never agree to trust the source or allow it any type of control on your phone. These functions vary by device type and model.

The Threat of Malware

The installation of malware is a key way to gain unauthorized privileges on a device. Be it a charging port, a free or found USB drive, a link in an email, or a malicious website. Cyber criminals are getting increasingly savvy in their attack vectors. This means you must be even more diligent than ever before to protect yourself from this emerging threat.