Latest news with #juicejacking
Yahoo
17 hours ago
- Yahoo
Federal Communications Commission, TSA warns travelers of ‘juice jacking' in airports
ALABAMA (WHNT) — The Transportation Security Administration and the Federal Communications Commission are reminding airport travelers to be mindful of where they plug their phones in as well as what WiFi they are using while in an airport. The TSA took to social media to remind travelers that in this technology age, cybersecurity has never been more important. The FCC calls it 'juice jacking.' 'Hackers can install malware at USB ports (we've been told that's called 'juice/port jacking'). So, when you're at an airport, do not plug your phone directly into a USB port. Bring your TSA-compliant power brick or battery pack and plug in there,' TSA said. 'Malware installed through a corrupted USB port can lock a device or export personal data and passwords directly to the perpetrator. Criminals can then use that information to access online accounts or sell it to other bad actors,' the FCC said. Some FCC tips to avoid 'juice jacking' include: Using AC power outlets can help you avoid any potential risks, so be sure to pack AC, car chargers, and your own USB cables with you when traveling. Carry an external battery. Consider carrying a charging-only cable, which prevents data from sending or receiving while charging, from a trusted supplier. If you plug your device into a USB port and a prompt appears asking you to select 'share data,' or 'trust this computer,' or 'charge only,' always select 'charge only.' In addition to this, never make online purchases while on free airport WiFi. 'Do not ever enter any sensitive info while using unsecure WiFi,' the TSA said. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Forbes
3 days ago
- Health
- Forbes
TSA Warns iPhone And Android Users—You Need This At Airport
New airport warning for smartphone users There is no subject that's more contentious in cyber security circles than so-called juice jacking. It generates fresh headlines most years, when one government agency or another issues a new alert ahead of the holidays. Stories are written and cyber eyebrows are raised — there are more stories than attacks. But still those stories come. But now a new warning suggests there may be a risk for travelers after all. Juice jacking theoretically strikes when you plug your phone into a public charging cable or socket at an airport or hotel, and instead of it being a dumb charger, it's a computer behind the scenes extracting data from your device. This is very different to dangerously crafted attack cables that include a malicious payload in the cable itself. The latest government warning (and headlines 1,2) come courtesy of TSA. 'When you're at an airport, do not plug your phone directly into a USB port,' it says. 'Bring your TSA-compliant power brick or battery pack and plug in there.' This is because 'hackers can install malware at USB ports (we've been told that's called 'juice/port jacking').' TSA also warns smartphone users 'don't use free public WiFi, especially if you're planning to make any online purchases. Do not ever enter any sensitive info while using unsecure WiFi.' This public Wi-Fi hijacking threat is almost as contentious as juice-jacking amongst cyber experts. TL;DR, while it comprises your location, any encrypted data flowing to or from your device from websites or apps should be safe. Your bigger risk is downloading an app from the malicious access point's splash page, filling in online forms, or being redirected to fraudulent login pages for Microsoft, Google or other accounts. The usual advice applies — use passkeys, don't log in to linked or popup windows but use usual channels, and don't give away personal information. You should also be wary of which Wi-Fi hotspots you connect to — are they the real service from the hotel or airport or mall you're in, or cleverly named fakes. As for juice jacking, there is now a nasty new twist to the existing narrative, which while theoretical for now, could fuel attacks that actually work. A new research paper has introduced 'a novel family of USB-based attacks' called ChoiceJacking, which the researchers say, 'is the first to bypass existing Juice Jacking mitigations. The Austrian research team "observed that these mitigations assume that an attacker cannot inject input events while establishing a data connection. However, we show that this assumption does not hold in practice. We present a platform-agnostic attack principle and three concrete attack techniques for Android and iOS that allow a malicious charger to autonomously spoof user input to enable its own data connection.' This is more an issue for Android than iOS, but it's not something for most users to worry about. That said, if you think you might be the target for attacks or if you travel to higher risk parts of the world, I would strongly recommend not using public charging points without some form of data shield or public WiFi without a VPN. You should also be wary of unlocking your device when it's plugged into anything you don't own and control. Interestingly, Google and Samsung have both been better defending devices against USB data extraction, albeit this masks itself as an accessory. There are also new updates for both iOS and Android to reboot devices locked for more than 3 days, which also protects against physical cable attacks. On ChoiceJacking, Kaspersky says 'both Apple and Google blocked these attack methods in iOS/iPadOS 18.4, and Android 15," but "unfortunately, on Android, the OS version alone doesn't guarantee your smartphone's safety… That's why Android users who have updated to Android 15 are advised to connect their smartphone to a known safe computer via a cable and check whether a password or biometric confirmation is required. If not — avoid public charging stations.'
Yahoo
3 days ago
- Yahoo
What the Tech: TSA airport warning
If you fly, there is a good chance your phone, tablet, or computer will need recharging at some point. Free charging stations are a welcome sight for travelers. You'll find them in airport terminals, hotel lobbies, and under seats at the gate. Just plug in your phone, recharge, and you're good to go. In a recent Facebook post, TSA warned travelers that these convenient ports could carry a hidden risk. The government has issued a warning about a threat known as 'juice jacking.' This is a type of cyberattack where criminals could potentially rig USB charging ports to install malware on your phone or steal personal data while you're charging. So, how likely is this to happen? Technically, it's possible. USB cables are designed not only to supply power but also to transfer data. That's why you can move photos from your phone to a computer with a cable. In theory, a bad actor could modify a public USB port to compromise your device. However, the odds of this happening at an airport or hotel are extremely low. In fact, there has never been a confirmed case of juice jacking occurring in the real world. One reason is that modern smartphones include built-in protections. If you plug your device into a computer or an unfamiliar accessory, you'll see a pop-up asking whether you trust the connection. If that message appears when you're using a public port or shared charging station, the safest choice is to select 'Don't Trust.' Still, federal agencies say it's smart to be cautious. You can read the warning from the FCC here: TSA Juice Jacking Warning To stay safe, consider these tips while traveling: Use your own charging block and plug into a standard electrical outlet Bring a portable battery or power bank to charge on the go Buy a USB data blocker or charge-only cable, which allows power to flow but blocks data transfer Never leave your phone unattended while it charges in a public place In my opinion, plugging in a cable to charge a phone using an outlet on the wall carries a much bigger risk than a 'Juice Jacked' charging station. Unattended phones can be stolen, and what happens frequently is that people walk away and go to the gate, forgetting the phone is plugged in. One more safety note: if you bring a portable power bank, be sure to pack it in your carry-on bag. The FAA prohibits lithium-ion batteries from being stored in checked luggage or overhead bins because they can overheat or catch fire. The biggest threat at the airports? Logging on to what you think is a secure public WiFi network when it is, in fact, a network set up by a cybercriminal. Connecting to those networks runs the risk of having malware installed on your phone. While juice jacking may not be a widespread threat, it is always better to be safe than sorry, especially when it comes to your personal information. But in terms of things to worry about on your next trip, just remember to keep your phone and portable batteries with you. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
