Resist the Urge: Don’t Charge Your Phone in Public Ports Unless You Want To Compromise Your Data

Perhaps you’re traveling and your phone and laptop’s battery is suddenly in the dreaded red zone. Have you ever looked for a public charging station to charge your devices? Next time, think twice before using one. Those outlets could be hacked and might be collecting information from your device as it charges, without you even knowing.

This recent CNN Money story highlights the risk:

“Public charging stations and wi-fi access points are found in places like airports, planes, conference centers and parks, so people can always have access to their phones and data. But connecting your phone to an unknown port has its risks.”

Drew Paik of security firm Authentic8 (the creator of Silo, a secure browser that anonymizes web activity) was interviewed for the story. He explained that by plugging your phone into a compromised power strip or charger can infect your device and compromise your data.

But even people who should clearly know better could still fall victim, as Authentic8 recently discovered firsthand:

The company set up a public charging station at the RSA security conference in San Francisco where 80 percent of attendees connected their phones without even asking about security.

This is even more shocking because the “Don’t plug your phone into a charger you don’t own” advice is quite old. PC Mag covered it back in 2013, in this story written following a Black Hat conference in Las Vegas where writer Neil J. Rubenking learned enough to make this vow: “I’m never plugging my iPhone charger into a USB port in a hotel desk again,” he wrote.

In 2016, a researcher from Kaspersky Labs demonstrated that in less than 3 minutes, he could install a third party application that couldn’t be uninstalled and had root access to the file system. This could be a Trojan that worked in the background “sharing everything on your phone with someone sitting on the other side of the world.” Aside from data theft, other destructive actions include “wiping the phone, deleting data, encrypting data and asking for a ransom. The possibilities are infinite.”

The Telegraph published a story about the security risks here, along with some advice on how to protect yourself.

Rather than being tempted to take a risk when your battery falls into the red zone, Paik recommends investing in a portable USB battery pack, or buying a USB cord that doesn’t have wires to transmit data.


Are you covered for identity theft?
Get Covered