Public USB Charging Stations Pose Security Risks, Warn U.S. Authorities

By Ava McKinneyOnline Safety

U.S. Authorities Warn About the Dangers of Public USB Charging Stations

The Los Angeles District Attorney’s Office has issued a warning to travelers about the risks of using public charging stations that rely on USB connections. These charging stations are commonly found in hotels, airports, cafes, public transportation stops, and other public places. According to officials, such stations can be used to spread malware. Instead, users are advised to purchase a portable power bank, use a car charger, or charge their devices only from standard electrical outlets.

This warning is not without reason. According to TechCrunch journalists, law enforcement agencies are already aware of incidents involving such attacks, particularly on the East Coast of the United States. Over the past few years, cybersecurity experts have demonstrated numerous malicious concepts exploiting USB charging stations.

Notable Examples of USB Charging Attacks

  • One of the first notable hacks was the Mactans project, presented at the Black Hat conference in 2013. Researchers showed that an iPhone could be compromised using a specially designed USB charger.
  • In 2016, well-known researcher Samy Kamkar created KeySweeper—a device based on Arduino or Teensy, disguised as a USB charger. It acted as a wireless sniffer, decrypting, saving, and sending all keystrokes from Microsoft wireless keyboards via GSM. Following this, the FBI issued a nationwide warning urging organizations to avoid using USB charging devices.

Multiple Attack Vectors

The Los Angeles District Attorney’s Office warns about several types of attacks. For example, criminals may leave portable USB chargers plugged into regular outlets in public places, hoping someone will use them. Even charging stations where users only have access to a USB port can be dangerous, as attackers may load malware onto these public stations.

The warning also covers USB cables left in public places. Microcontrollers and other electronic components have become so small that criminals can hide a miniature computer and malware inside a cable. A prominent example is the O.MG cable, whose creator has even started mass-producing malicious cables.

How to Protect Yourself

  • Always carry your own cables and chargers, and use standard electrical outlets whenever possible.
  • Consider purchasing a special “charge-only” USB cable, which has the data transfer pins removed, allowing only power to pass through.
  • Use so-called “USB condoms” or data blockers, which act as a buffer between an untrusted USB charging device and your own device. Well-known solutions in this area include SyncStop (formerly USB Condom) and Juice-Jack Defender.

By following these precautions, you can significantly reduce the risk of falling victim to malware attacks via public USB charging stations.

Leave a Reply