How to sidestep use of mobile charging stations: Internet Scambusters #483
They're convenient and cheap (or even free) but could mobile charging stations pose a threat to data security?
Experts have already shown how crooks could download data from your cell phone or other device when you plug it in to recharge and they believe it's only a matter of time until this happens.
Before then, it makes sense to get into the habit of using alternative methods to "juice up," as we explain in this week's issue.
Now, here we go...
Data Theft Fear for Mobile Charging Stations
Mobile charging stations are popping up everywhere, and they seem like a boon for travelers who have to spend lengthy amounts of time between hotel rooms and home.
They sometimes come complete with an array of different connectors for most popular devices.
Others have USB outlets that enable you to use your own cable to recharge.
Either way, all you have to do is plug in, and you're good to go.
But the first signs of concern are starting to emerge that charging your cell phone or other mobile device at one of these stations could become a security risk.
At a hackers' conference, tech experts have shown how a charging station could be rigged with a concealed computer that invisibly downloads data from every device that is plugged in.
Their setup apparently carried a warning about not trusting mobile charging stations but declaring that this particular one was safe.
That was enough to encourage 360 attendees to accept this pledge and plug in their devices! If they don't know better, who does?
"Anyone who had an inclination to, could put a system inside of one of these kiosks that, when someone connects their phone, can suck down all of the photos and data, or write malware to the device," one of the builders told security blogger Brian Krebs.
The organizers coined the term "juice jacking" and demonstrated that, provided devices had combined power and data ports (as most cell phones do), there was little or nothing users could do to prevent their data being stolen.
It's fair to point out that, at the time of writing, there have been no reported incidents of genuine juice jacking.
But given the attractions of the potential haul of stolen data, security experts believe it's only a matter of time before rigged mobile charging stations make their appearance.
As a blogger for security firm Sophos noted: "(I)f entire fake Apple and even IKEA stores can spring up in China, it's not hard to imagine that fake, or at least booby-trapped, charging stations might appear anywhere in the world."
This wouldn't be difficult or expensive to do either. A quick Internet search reveals scores of different mobile charging stations for sale starting from just a couple of hundred dollars.
Several of these are free-standing devices that could be set up anywhere there's an available power supply -- a mall, for example.
Obviously, if and when this crime emerges, there are likely to be some mobile charging device locations that are safer than others.
For instance, crooks would find it difficult to tamper with or set up a device at an airport or hotel lobby, which happen to be where many people recharge their cell phones and other mobiles.
But the security specialists suggest we should get into the habit of not using these mobile charging stations at all.
Would simply switching off your phone before plugging in be enough?
Probably not, says Sophos. For a start, many people don't know how to fully power down their cellphones, believing them to be off when they're really in standby mode.
And it seems that, under certain circumstances, even if they are fully off, crooks may still be able to access data on Secure Digital (SD) cards as well as a phone's main memory.
In another test at the hackers' conference, when a user switched off the data transfer setting on their phone, it immediately switched back on as soon as a recharging cable was plugged in.
But all is not lost. There are several actions you can take to protect your data, as suggested by the Sophos blogger:
- First, and most obviously, take your own charging adapter and cable with you and find a power outlet where you can recharge. Not so convenient as mobile charging stations but clearly less risky.
- Use a USB cable that transfers power only. You can buy these leads, which have the data pins missing, for around $15 -- though they may not be suitable for all devices.
- Use a solar power recharger.
- Carry or buy an emergency battery or battery-charging pack.
- If you can or know how to (check your user manual), password-protect the data transfer feature on your device before recharging it.
- Notwithstanding the concerns expressed above, if you can, fully power down your phone if you really have to use a mobile charging station.
Two other words of warning:
Remember that if you plug your recharging/data cable into someone else's computer via their USB port, your device could be at risk if the computer has been rigged by either the owner of via malware to steal data.
And if someone else asks to plug their phone into your PC, there's a similar risk of it stealing data from your computer.
Even if you believe the person to be trustworthy, there's a risk their mobile device could be infected with a virus (though this doesn't apply to iPhones).
The more we are on the move, the more dependent we become on our cell phones and other devices, but, given future risks, it makes sense not to become equally dependent on mobile charging stations.
That's it for today -- we hope you enjoy your week!