Beautiful Virgin Islands

Monday, Oct 20, 2025

FBI warn about the dangers of using public USB charging stations

FBI warn about the dangers of using public USB charging stations

Travelers are advised to avoid using public USB power charging stations in airports, hotels, and other locations because they may contain dangerous malware, the Los Angeles District Attorney said in a security alert published last week.

USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two. As smartphones became more popular in the past decade, security researchers figured out they could abuse USB connections that a user might think was only transferring electrical power to hide and deliver secret data payloads.

This type of attack received its own name, as "juice jacking."

Across the years, several proofs-of-concept were created. The most notorious is Mactans, presented at the Black Hat 2013 security conference, which was a malicious USB wall charger that could deploy malware on iOS devices.

Three years later, in 2016, security researcher Samy Kamkar took the concept further with KeySweeper, a stealthy Arduino-based device, camouflaged as a functioning USB wall charger that wirelessly and passively sniffs, decrypts, logs, and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.

Following Kamkar's release of KeySweeper, the FBI sent out a nation-wide alert at the time, warning organizations against the use of USB chargers and asking companies to review if they had any such devices in use.

Also, in 2016, another team of researchers developed another proof-of-concept malicious USB wall charger. This one could record and mirror the screen of a device that was plugged in for a charge. The technique become known as "video jacking."



The LA District Attorney's warning [PDF] covers many attack vectors, because there's different ways that criminals can abuse USB wall chargers.

The most common way is via "pluggable" USB wall chargers. These are portable USB charging devices that can be plugged into an AC socket, and criminals can easily leave some of these behind "by accident" in public places, at public charging stations.

There are also USB chargers encased directly inside power charging stations installed in public places, were the user only has access to a USB port. However, LA officials say criminals can load malware onto public charging stations, so users should avoid using the USB port, and stick to using the AC charging port instead.

But the LA DA's warning also applies to USB cables that have been left behind in public places. Microcontrollers and electronic parts have become so small these days that criminals can hide mini-computers and malware inside a USB cable itself. One such example is the O.MG Cable. Something as benign as a USB cable can hide malware nowadays.


Taking all these into account, LA officials recommend that travelers:

Use an AC power outlet, not a USB charging station.

Take AC and car chargers for your devices when traveling.

Consider buying a portable charger for emergencies.

But there are also other countermeasures that users can deploy. One of them is that device owners can buy USB "no-data transfer" cables, where the USB pins responsible for the data transfer channel have been removed, leaving only the power transfer circuit in place. Such cables can be found on Amazon and other online stores.

There are also so-called "USB condoms" that act as an intermediary between an untrusted USB charger and a user's device.

Two such devices are SyncStop (formerly known as USB Condom) and Juice-Jack Defender. Many others also exist, and at one point, even Kaspersky researchers tried to build one -- called Pure.Charger -- but their Kickstarter fundraiser failed to raise the needed funds.

Update, November 15: After the publication of this article, there has been a wave of criticism from security researchers and the cyber-security community, who did not believe the LA DA's security alert was adequate, as there have been no known cases of "juice jacking" incidents detected in the real world, and beyond experimental work presented at security conferences. Furthermore, many have pointed out that since the first juice jacking demos back in 2013, both Android and iOS have now incorporated popups in their user interface to alert a user when a USB port is attempting to transfer data, rather than just electrical power.

US authorities usually issue security alerts based on reports and threats they see in the real world. After failing to respond to a phone call yesterday, the LA DA told fellow tech news site TechCrunch today that the security alert was part of an educational campaign, and not based on juice jacking attacks they've detected in the wild. The original LA DA advisory is still labeled as a "fraud alert" and "PSA" on the LA DA's website, though, with no evidence this is part of an educational campaign. However, the advice given to travelers is in no way bad or incorrect, and users should follow it.

Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
China Warns UK of ‘Consequences’ After Delay to London Embassy Approval
France’s Wealthy Shift Billions to Luxembourg and Switzerland Amid Tax and Political Turmoil
"Sniper Position": Observation Post Targeting 'Air Force One' Found Before Trump’s Arrival in Florida
Shouting Match at the White House: 'Trump Cursed, Threw Maps, and Told Zelensky – "Putin Will Destroy You"'
Windows’ Own ‘Siri’ Has Arrived: You Can Now Talk to Your Computer
Thailand and Singapore Investigate Cambodian-Based Prince Group as U.S. and U.K. Sanctions Unfold
‘No Kings’ Protests Inflate Numbers — But History Shows Nations Collapse Without Strong Executive Power
Chinese Tech Giants Halt Stablecoin Launches After Beijing’s Regulatory Intervention
Manhattan Jury Holds BNP Paribas Liable for Enabling Sudanese Government Abuses
Trump Orders Immediate Release of Former Congressman George Santos After Commuting Prison Sentence
S&P Downgrades France’s Credit Rating, Citing Soaring Debt and Political Instability
Ofcom Rules BBC’s Gaza Documentary ‘Materially Misleading’ Over Narrator’s Hamas Ties
Diane Keaton’s Cause of Death Revealed as Pneumonia, Family Confirms
Former Lostprophets Frontman Ian Watkins Stabbed to Death in British Prison
"The Tsunami Is Coming, and It’s Massive": The World’s Richest Man Unveils a New AI Vision
Outsider, Heroine, Trailblazer: Diane Keaton Was Always a Little Strange — and Forever One of a Kind
Dramatic Development in the Death of 'Mango' Founder: Billionaire's Son Suspected of Murder
Two Years of Darkness: The Harrowing Testimonies of Israeli Hostages Emerging From Gaza Captivity
EU Moves to Use Frozen Russian Assets to Buy U.S. Weapons for Ukraine
Europe Emerges as the Biggest Casualty in U.S.-China Rare Earth Rivalry
HSBC Confronts Strategic Crossroads as NAB Seeks Only Retail Arm in Australia Exit
U.S. Chamber Sues Trump Over $100,000 H-1B Visa Fee
Shenzhen Expo Spotlights China’s Quantum Step in Semiconductor Self-Reliance
China Accelerates to the Forefront in Global Nuclear Fusion Race
Yachts, Private Jets, and a Picasso Painting: Exposed as 'One of the Largest Frauds in History'
Australia’s Wedgetail Spies Aid NATO Response as Russian MiGs Breach Estonian Airspace
McGowan Urges Chalmers to Cut Spending Over Tax Hike to Close $20 Billion Budget Gap
Victoria Orders Review of Transgender Prison Placement Amid Safety Concerns for Female Inmates
U.S. Treasury Mobilises New $20 Billion Debt Facility to Stabilise Argentina
French Business Leaders Decry Budget as Macron’s Pro-Enterprise Promise Undermined
Trump Claims Modi Pledged India Would End Russian Oil Imports Amid U.S. Tariff Pressure
Surging AI Startup Valuations Fuel Bubble Concerns Among Top Investors
Australian Punter Archie Wilson Tears Up During Nebraska Press Conference, Sparking Conversation on Male Vulnerability
Australia Confirms U.S. Access to Upgraded Submarine Shipyard Under AUKUS Deal
“Firepower” Promised for Ukraine as NATO Ministers Meet — But U.S. Tomahawks Remain Undecided
Brands Confront New Dilemma as Extremists Adopt Fashion Labels
The Sydney Sweeney and Jeans Storm: “The Outcome Surpassed Our Wildest Dreams”
Erika Kirk Delivers Moving Tribute at White House as Trump Awards Charlie Presidential Medal of Freedom
British Food Influencer ‘Big John’ Detained in Australia After Visa Dispute
ScamBodia: The Chinese Fraud Empire Shielded by Cambodia’s Ruling Elite
French PM Suspends Macron’s Pension Reform Until After 2027 in Bid to Stabilize Government
Orange, Bouygues and Free Make €17 Billion Bid for Drahi’s Altice France Telecom Assets
Dutch Government Seizes Chipmaker After U.S. Presses for Removal of Chinese CEO
Bessent Accuses China of Dragging Down Global Economy Amid New Trade Curbs
U.S. Revokes Visas of Foreign Nationals Who ‘Celebrated’ Charlie Kirk’s Assassination
AI and Cybersecurity at Forefront as GITEX Global 2025 Kicks Off in Dubai
DJI Loses Appeal to Remove Pentagon’s ‘Chinese Military Company’ Label
EU Deploys New Biometric Entry/Exit System: What Non-EU Travelers Must Know
Australian Prime Minister’s Private Number Exposed Through AI Contact Scraper
Ex-Microsoft Engineer Confirms Famous Windows XP Key Was Leaked Corporate License, Not a Hack
×