TSA Warning—All Smartphone Users Must Stop Using These Chargers
Be warned before you head for the airport.
It’s holiday season. And as millions of travelers prepare to jet off from airports across the U.S. and beyond, the Transportation Security Administration’s recent phone charger warning for airline passengers has suddenly been given some added urgency.
The security agency has told airport travelers to “bring your TSA-compliant power brick or battery pack and plug in there,” rather than use public charging points. “When you’re at an airport, do not plug your phone directly into a USB port.”
This relates to so-called juice jacking, which along with the overhyped threat from public WiFi is guaranteed to irk cybersecurity professionals. But just as TSA’s airport WiFi warning has been reinforced by the security industry, so it is now with charging.
“Public USB ports should never be treated as safe,” warns NordVPN‘s Adrianus Warmenhoven (via ZDNet), following its new report into the threat from choicejacking. This enhancement on juice jacking can bypass the protections in your smartphone to trick it into accepting a data cable connection when it shouldn’t.
Warmenhoven describes choicejacking as “a dangerous evolution in public charging threats. With a single deceptive prompt, attackers can trick people into enabling data transfer, potentially exposing personal files and other sensitive data.”
Per Hackread, “the rise of choicejacking reinforces what cybersecurity experts have said for years: public USB ports should not be trusted. Even at airports, hotels, or cafés, a compromised charger could be waiting to hijack your device.”
That’s debatable. Most public charging warnings are met with a fair amount of cyber derision. It’s a blunt force attack. You’re only likely to be specifically targeted by a malicious charging point or cable if you’re in a high risk vocation or location.
But what choicejacking has done is shown how a phone can be tricked into thinking a physical connection is one thing — a keyboard for example, while in reality it’s something else. And data can be stolen as a result.
If you consider your risk profile to be high, this should be a consideration. Use your own charger and cable. And bear in mind that when your phone is unlocked while charging, it’s more vulnerable to this attack — if juice jacking attacks really exist, of course.