Are Public Charging Stations More Dangerous Than Public Wi-Fi? Not Really

The FBI says that public phone chargers are bad news—and it's good advice.

It's tempting to avail yourself of free public Wi-Fi and public phone charging stations when you are out and about. But the risks of both are so real and so bad that it's just not worth it. It's become so much of a problem that the FBI just issued a warning about charging stations, thanks to an exploit called "juice jacking." The good news is that you can protect yourself easily once you know the problem. 

"Juice jacking is where a bad actor uses public USB ports to introduce malware or monitoring applications to a user's device." Michael Harris, a Tulane University IT professional who has worked with law enforcement, told Lifewire via email. "People should follow good cybersecurity basic hygiene and bring their own outlet charger or battery charger while traveling when they are in need of a charge instead of using public charging stations."

Public Charging Stations: Power and Data

Our phones all charge via USB. Even the iPhone Lightning cable is just USB with a fancy connector on one end. And as we know, USB is used for both power and data. When charging our phones, we are only interested in the power part. But bad actors are interested in the data and have come up with some clever ways to get it. 

As soon as you plug your phone into a computer via USB, it can access all kinds of data, depending on the kind of phone you have. "At this time, Android smartphones appear to be more prone to be affected, but iOS devices are not immune to the attacks," says Harris. 

Not only can the connected computer access data on the phone, but it can also install malicious code. But wait, you say, I'm not plugging into a computer. I'm plugging into a charging station. 

Except the charging station could be a computer, and anyone could have put it there. Even worse is that a computer can be installed into the USB cable itself and can pretty much take over any computer (including your phone) that you plug into it. 

Fortunately, it's trivially easy to protect yourself. Just plug into a regular power outlet using your own charger and USB cable (preferably the cable that came with your phone or from a reputable brand). If you really must plug directly into unknown USB ports, then at least use some protection.

"You can also turn off your device's data transfer capabilities (such as USB data transfer) while charging, making it impossible for the malware to be installed on your phone," Kyle MacDonald, VP at mobile device deployment company Mojio, told Lifewire via email. "Additionally, consider using a data blocker, which allows your device to charge while blocking data transfer."

If I were a hacker trying to exploit this security hole, I might sell a compromised data blocker via Amazon's marketplace or similar. Another option is to pull out the data pins from a USB cable to make your own, which is a pretty easy job with little risk. 

Worse Than Public Wi-Fi?

What you should really beware of when out and about is free public Wi-Fi. 

"Public Wi-Fi networks are particularly vulnerable to hacking and data theft, particularly if they are not secured with strong passwords or encryption. Hackers may be able to intercept sensitive information such as passwords, credit card numbers, or other personal data transmitted over these networks. Weakly-secured Wi-Fi networks are available throughout the average city, and I see no end in sight to this problem." Sean O'Brien, a lecturer at Yale Law School Privacy Lab, told Lifewire via email. 

Malicious actors can hack into insecure public Wi-Fi or set up their own Wi-Fi hotspots and give them tempting names—a "Free Starbucks Wi-Fi" network near a Starbucks, for example. A bad Wi-Fi network can steal your passwords, pretend to be your email provider or bank, and more. It's best to avoid public Wi-Fi altogether, but if you insist, then at least use a good VPN you have researched enough to trust.