This was reported a while back, but I was reminded of it while planning for an overseas trip. Airports, convention centers, and many other locations offer free charging stations for attendees or visitors to be able to get an extra boost of power for their cell phones. They typically will have USB cables attached or built in USB ports where users can plug their own cables in.
The other side of that cable could be connected a device or computer designed to download data, contacts, and images from the cell phone. This can be done to some degree even if the lock screen is still on. It was proved in concept at the DefCon hacker convention in 2011 when researchers from Aries Security set up charging kiosks specifically designed to warn users of the risk. The kiosks did not steal any information, but when an active device was plugged in it would display on a screen a warning sign reading “You should not trust public kiosks with your smart phone!” At such a convention, where attendees are usually wary of nefarious attacks on their devices, hundreds of people still took advantage of the extra power for their phones.
It may not be a wide spread threat, but here are some simple tips that can help you insure your protection:
- Bring your own charger with you.
- Have a stand-alone battery pack that can provide extra power when needed. Some will use AA or AAA batteries which can be bought over-the-counter in a pinch.
- If your phone uses a replaceable battery, carry a fully charged spare.
- Obtain a “charge only” USB cable. Some cables do not have the proper connections to allow data transfer, but they do let the charging current go through.
- Final tip, if you have to charge from an unknown source, turn the phone off before charging. That has been known to prevent data from being passed in some cases.
Particularly when traveling, always take extra care with all of your electronic devices and never let them out of your sight. Many security conscious personnel will travel with temporary devices (laptops and smart phones) that have been wiped clean of all confidential or proprietary information, and wipe them clean again once they return – to prevent viruses from coming home with them.
Safe travels.
The original article by Brian Krebs can be viewed here: