The Federal Bureau of Investigation (FBI) in the United States warned users last week to avoid connecting their devices to public USB ports due to the possibility of malware infection. According to a statement made on Twitter by the Denver FBI office (via CNBC), public charging stations found in places like hotels, airports, and shopping centers could be used to spread malware.
According to the FBI, malicious actors have figured out how to use public USB ports to “introduce malware and monitoring software onto devices.” Users should bring their charger and USB cord when they go out in public and use an electrical outlet rather than a public USB port.
But, if you are actively using your iPhone or Mac and connect to a public port, malware can still be installed because Apple’s devices include a USB security mechanism that prevents the Lightning connection from being used for data transfer purposes after more than an hour since the device was unlocked.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIDenver) April 6, 2023
Imagine that malicious software is transferred to a computer, tablet, or smartphone through a public USB port. In this scenario, hackers can access sensitive data stored on the device, which allows them to steal usernames and passwords, hijack email, steal money from online accounts, and engage in various other illegal activities.
Using your USB cable to charge your phone in public places is the only way to guarantee your safety, as this eliminates the threat posed by this potential method of attack.
A similar caution can be found on the website of the FBI, which states that individuals should avoid using free charging stations. Additionally, the FBI advises against using public Wi-Fi for sensitive transactions, opening suspicious documents, using the same password for your online accounts, and clicking unsolicited links in text messages and emails.