FBI issues warning about "juice jacking" when using free cellphone charging kiosks
CHERRY HILL, N.J. (CBS) -- We've all experienced desperation when our phones show it's low on battery life.
The FBI is issued a warning about free cellphone charging kiosks.
The agency says don't use them because cyber thieves could steal your data. They call it "juice jacking."
Shoppers at the Cherry Hill Mall are taking precautions.
"It's very important to keep my phone safe because everything I do these days is on my phone," Massah Kanneh said. "So if it gets missing or anybody gets into it, I'll be lost completely."
The FBI is warning people not to use free charging stations at airports, hotels or shopping centers because criminals can use the USB port to install malware and monitoring software onto their phones.
Stacy Arruda, who spent 20 years working cyber security cases for the FBI, says the monitoring software can be dangerous.
"More than likely it's a keystroke monitor, so every time you depress a key on the device, they're able to see what keys you're depressing and they don't necessarily care about emails or texts," Arruda said. "What they care about is when you log onto your bank account."
ChargeItSpot, the company that owns the kiosks at the Cherry Hill Mall, says it takes several steps to keep phone charging safe. The kiosks provide one-way electrical charging only, with no way to transfer data.
Steel lockers prevent unauthorized access to USB ports and 24/7 monitoring with security cameras.
"No. it doesn't [feel safer] because these hackers are so smart and they can get through anything," Peggy Schmidt said.
Arruda says cyber thieves can install a skimming device in the front of charging stations that can steal data. She says criminals can also put a small computer called Raspberry Pi into the kiosks that suck information from phones.
"Through the kiosk, it's connecting to this and this isn't for the baby hacker," Arruda said. "It's someone who knows what they're doing."
The federal communications commission says to avoid becoming a juice jacking victim, charge your phone by plugging it into an electrical outlet, use a power bank or invest in a charging-only cable.
ChargeItSpot released a statement:
"At ChargeItSpot, we appreciate opportunities like this to remind the public that not all charging stations are created equal, and that security is – and always has been – our top priority. Since 2011, ChargeItSpot has been aware of the ways that USB charging can be maliciously exploited, which is why we've built (and patented) several safeguards for consumers.
You can read through some of our articles about ChargeItSpot's safety measures on our blog, and at securecharging.org to get more details, but in short, ChargeItSpot is the only network of free phone charging kiosks that provides:
One-way electrical charging only, with no way to access or transfer data - made possible by our proprietary charging boards.
- Tip: Your phone should never display a USB data connection warning when you're plugging into a power-only system! If you get a message like this, do not charge your phone - you're not using a ChargeItSpot, and you're not protected.
- Steel lockers and kiosk housing prevent unauthorized access to USB ports - so, "bad actors" cannot ever tamper with the cords providing power to phones.
- 24/7 monitoring via integrated security camera. Yep, we can see who is accessing our charging stations, which doesn't fare well for people trying to commit crimes.
- Dropping off a phone at ChargeItSpot requires the owner to create a 10-digit password + security image via the touchscreen interface. This is not your generic USB in the wall set up!
- Many ChargeItSpot kiosks require an sms passcode to be verified before charging, in addition to the above standard security features. This is known as two-factor authentication or 2FA.
We support all efforts to continue to make phone charging secure because we've all been in a situation where a phone charge has been critical to our safety or peace of mind. Here at ChargeItSpot, we're doing our part to make phone charging safe and secure."
Philadelphia International Airport also released a statement:
PHL offers electrical outlets and charging stations and seats with wireless, USB and USB-C charging capabilities for the convenience of our guests. We are aware of the warning issued by the FBI and are closely monitoring the situation. To date, PHL has not been made aware of any issues with guests' devices. Guests are advised to use the chargers to their level of comfort. As always, if anyone notices something suspicious during their journey through PHL, they should report it immediately to airport police or security.
We also remind guests of steps they can take to help prevent "juice jacking":
• Use your own cord when accessing a charger
• Don't leave devices unattended while charging
• Turn off phones when charging to prevent data from flowing
• Buy a USB data blocker to prevent devices from being infected with malware
• Install antivirus software on devices and make sure it is up to date
