London Daily

Focus on the big picture.
Sunday, Jul 12, 2026

FBI warn about the dangers of using public USB charging stations

FBI warn about the dangers of using public USB charging stations

Travelers are advised to avoid using public USB power charging stations in airports, hotels, and other locations because they may contain dangerous malware, the Los Angeles District Attorney said in a security alert published last week.

USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two. As smartphones became more popular in the past decade, security researchers figured out they could abuse USB connections that a user might think was only transferring electrical power to hide and deliver secret data payloads.

This type of attack received its own name, as "juice jacking."

Across the years, several proofs-of-concept were created. The most notorious is Mactans, presented at the Black Hat 2013 security conference, which was a malicious USB wall charger that could deploy malware on iOS devices.

Three years later, in 2016, security researcher Samy Kamkar took the concept further with KeySweeper, a stealthy Arduino-based device, camouflaged as a functioning USB wall charger that wirelessly and passively sniffs, decrypts, logs, and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.

Following Kamkar's release of KeySweeper, the FBI sent out a nation-wide alert at the time, warning organizations against the use of USB chargers and asking companies to review if they had any such devices in use.

Also, in 2016, another team of researchers developed another proof-of-concept malicious USB wall charger. This one could record and mirror the screen of a device that was plugged in for a charge. The technique become known as "video jacking."



The LA District Attorney's warning [PDF] covers many attack vectors, because there's different ways that criminals can abuse USB wall chargers.

The most common way is via "pluggable" USB wall chargers. These are portable USB charging devices that can be plugged into an AC socket, and criminals can easily leave some of these behind "by accident" in public places, at public charging stations.

There are also USB chargers encased directly inside power charging stations installed in public places, were the user only has access to a USB port. However, LA officials say criminals can load malware onto public charging stations, so users should avoid using the USB port, and stick to using the AC charging port instead.

But the LA DA's warning also applies to USB cables that have been left behind in public places. Microcontrollers and electronic parts have become so small these days that criminals can hide mini-computers and malware inside a USB cable itself. One such example is the O.MG Cable. Something as benign as a USB cable can hide malware nowadays.


Taking all these into account, LA officials recommend that travelers:

Use an AC power outlet, not a USB charging station.

Take AC and car chargers for your devices when traveling.

Consider buying a portable charger for emergencies.

But there are also other countermeasures that users can deploy. One of them is that device owners can buy USB "no-data transfer" cables, where the USB pins responsible for the data transfer channel have been removed, leaving only the power transfer circuit in place. Such cables can be found on Amazon and other online stores.

There are also so-called "USB condoms" that act as an intermediary between an untrusted USB charger and a user's device.

Two such devices are SyncStop (formerly known as USB Condom) and Juice-Jack Defender. Many others also exist, and at one point, even Kaspersky researchers tried to build one -- called Pure.Charger -- but their Kickstarter fundraiser failed to raise the needed funds.

Update, November 15: After the publication of this article, there has been a wave of criticism from security researchers and the cyber-security community, who did not believe the LA DA's security alert was adequate, as there have been no known cases of "juice jacking" incidents detected in the real world, and beyond experimental work presented at security conferences. Furthermore, many have pointed out that since the first juice jacking demos back in 2013, both Android and iOS have now incorporated popups in their user interface to alert a user when a USB port is attempting to transfer data, rather than just electrical power.

US authorities usually issue security alerts based on reports and threats they see in the real world. After failing to respond to a phone call yesterday, the LA DA told fellow tech news site TechCrunch today that the security alert was part of an educational campaign, and not based on juice jacking attacks they've detected in the wild. The original LA DA advisory is still labeled as a "fraud alert" and "PSA" on the LA DA's website, though, with no evidence this is part of an educational campaign. However, the advice given to travelers is in no way bad or incorrect, and users should follow it.

Newsletter

Related Articles

0:00
0:00
Close
Government Creates Emergency Support Scheme for Financially Struggling Universities
United Kingdom Replaces Traditional Farm Subsidies With Payments Linked to Environmental Performance
National Grid Reports First Week of Electricity Generation Without Fossil Fuels
United Kingdom Financial Regulator Introduces Tougher Capital Rules for Cryptocurrency Exchanges
Belfast Harbour Expands Operations to Attract Investment Through United Kingdom and European Union Market Access
Scottish Government Threatens Legal Challenge Over Westminster Cuts to North Sea Transition Funding
United Kingdom Accelerates Trans-Pennine High-Speed Rail Project Linking Northern Cities
United Kingdom Secures Ten Billion Pound Investment for Cambridge Quantum Computing Campus
Port Talbot Steelworks Wins Support for Green Hydrogen Transition and Protection of Industrial Jobs
United Kingdom Sends Royal Navy Carrier Strike Group to Indo-Pacific as Regional Security Focus Expands
National Health Service Expands Artificial Intelligence Diagnostics Across England to Reduce Screening Backlogs
United Kingdom Launches Fifty Billion Pound Infrastructure Fund to Accelerate Housing and Construction
UK Medical Chiefs Update Health Guidance to Promote Everyday Physical Activity
Office of Communications Keeps Wikipedia Under Review Under UK Online Safety Rules
UK Defence Ministry Expands Deep-Strike Capability Through Precision Missile Programme
Russell Group Universities Warn Funding Cuts Could Damage NHS Workforce Training
UK Parliament Calls for National Emergency Broadcast as Heatwave Conditions Intensify
UK and Netherlands Strengthen Naval Cooperation With New Amphibious Defence Partnership
UK Defence Ministry Joins International Missile Programme With One Hundred and Ninety Million Pound Investment
Bank of England Warns Middle East Conflict and AI Risks Could Pressure UK Economy
UK Government Introduces New Rules to Limit Foreign Influence in Political Donations
UK and France Prepare Naval Mission to Protect Shipping Through Strait of Hormuz
United States Pressures UK to Increase Defence Spending at NATO Summit
Bank of England Warns Artificial Intelligence Investment Boom Could Create Financial Stability Risks
Bank of England Begins Direct Oversight of Critical Technology Providers Supporting UK Finance
Andy Burnham Set to Become UK Prime Minister After Labour Leadership Race Clears Path to Downing Street
Scottish Fishing Industry Calls for Emergency Support Amid Rising Costs
UK Supports Stronger European Response to Russian Actions in Ukraine
Devon and Cornwall Police Release Suspect in Ann Widdecombe Murder Investigation
Scottish MPs Demand More Government Support for Fishing Industry
UK Aviation Sector Faces New Rules as Parliament Reviews Passenger Protection Reforms
King’s College London Disciplines Students Over Pro-Palestine Campus Protests
Ministry of Defence Expands Military Capabilities Through New Precision Strike Investment
United Kingdom Condemns Russian Treatment of Ukrainian Children at International Security Forum
House of Lords Reviews Civil Aviation Bill to Strengthen Passenger Rights and UK Aviation Competitiveness
UK Aerospace and Defence Industries Contribute Nearly Forty-Seven Billion Pounds to Economy
UK Government Advances Consultation on Possible Social Media Ban for Children Under Sixteen
United Kingdom Ratifies Global High Seas Treaty to Protect Marine Biodiversity
United Kingdom Joins United States Precision Strike Missile Programme With One Hundred Ninety Million Pound Investment
UK Senior NHS Doctors Vote for Further Strike Action Over Pay and Contract Disputes
BBC Leadership Resigns After Donald Trump Launches Ten Billion Dollar Defamation Lawsuit
UK Fiscal Watchdog Warns Andy Burnham Government Faces One Hundred Billion Pound Budget Challenge
The AI Invoice Shock: Layoffs Didn't Save Managers Money — They Cost Them More
Concern: Sexually Transmitted Bacterium Among Men Develops Antibiotic Resistance
Following Massive Investor Demand: SK Hynix Raises 26.5 Billion Dollars on Nasdaq
Passenger Partially Pulled Out of Ryanair Jet After Cabin Window Fails Mid-Flight
After Four Years, and Under a Heavy Veil of Secrecy: King Charles Meets His Grandchildren, Harry and Meghan's Children
Cross-Party MPs Call for National Climate Emergency Broadcast
Bayeux Tapestry Arrives in the United Kingdom for Landmark Exhibition
United Kingdom Launches Modern Slavery Prevention Programme in Vietnam
×