DEV Community

Cover image for NYTimes warns of USB "juice jacking"
Peter Kim Frank
Peter Kim Frank

Posted on

NYTimes warns of USB "juice jacking"

Today's NYTimes features an article titled Stop! Don’t Charge Your Phone This Way.

It warns that hackers are setting up compromised USB "charging stations" in airports, hotels, etc. Similar to "card skimmers" on ATM machines.

First time I have ever heard of the potential for this attack method. Legitimate threat that people need to be aware of or more of a clickbait concern? What do you think?

Photo via Unsplash

Top comments (15)

rhymes profile image

I don't think it's just clickbait.

I own a few of these things:

They are data blockers, they only let through the charging signal, very useful for when you have to plug in a random public USB port.

gabe profile image

Until they start making fake, compromised versions of the device above! Scary thought

rhymes profile image

hahahaha then we descend in tinfoil hat territory :D

ryansmith profile image
Ryan Smith

On Android devices, plugging in a USB cord that is also plugged into a computer provides options on what the USB should be used for:

Android USB Options Screenshot

It defaults to "No data transfer", so I'm not sure if this is a real issue unless the user changes that setting after connecting. I could be mistaken on this though.

hte305 profile image
Ha Tuan Em • Edited

I think connect is connect. Not important what thing choose. So they can do anything if your device connected to computer. This is my idea 🙂

lbeul profile image
Louis • Edited

That reminds me of a video by some YouTuber called N-O-D-E I saw two years ago. In this clip he shows how to build yourself an adaptor for charging your phone safely.

Picture of USB Keychain

scrabill profile image
Shannon Crabill • Edited

I've heard of this previously and yes, I would say, charge with care, be aware of your surroundings.

That said, I'm not too worried as I tend to have a power pack with me and will use the USB port to charge the power pack, instead of my phone.

EDIT: Having a charge only / no data table may help to skirt any data hacking concerns.

thatblairguy profile image
That Blair Guy • Edited

Never heard the term "juice-jacking" before today, but reports of the problem have been around for a while.

It used to be that phones would, by default, expose the filesystem to any USB connection. Newer Android devices require the user to actively choose to allow access.

My questions would be:

  • Is there still information exposed even if the user selects "power only"?
  • Are vulnerable devices still coming/popular? -What are they?

Several folks have advocated carrying a power-only cable. That's a reasonable preventative, but it's not a cure-all (more a defense in depth). Many charging stations don't offer ports, just hardwired cables with the various connectors.

jeikabu profile image

Some other people mentioned using those cheap-o USB charging cables without data wires that come with some devices. This solution amuses me because it turns a penny-pinching defect into a “feature”.

ibrahimfromtgddev profile image
Ibrahim Imran • Edited

Peter. This is very dangerous... Hackers can't access all this data it's gonna expose personal data..... Imagine if they had a DNS too such a bad hack..
Don't use ANY random USB!

Share this with EVERYONE on Dev!

sunitk profile image
Sunit Katkar

This kind of hacking has been in the news quite some time ago.

drewtownchi profile image
Drew Town

I just use my power pack. It charges faster. I can sit where I want. And I know it is safe.

val_baca profile image
Valentin Baca
  1. Get a power-only cord. There are really cool 3-way cords like:

  2. Get a battery pack. These things are SO cheap and light these days. I love the Anker brand.

Sloan, the sloth mascot
Comment deleted
highcenburg profile image
Vicente G. Reyes

This is weird. They wan about the problem but admit that it still has no cases.