A phone or a laptop whose battery is depleted or about to run out is reason enough to send anyone in a crazy race to get some way to charge the device. However, you should think twice before using that strange cable from the airport charging station or connecting to that USB port of the hotel: hackers could be on the prowl.
In the prelude to the busy Christmas season, the Los Angeles County District Attorney's Office is alerting travelers about a scam made with USB chargers, also known as a "charge attack."
"A free charge could end up emptying your bank account," said Deputy District Attorney Luke Sisak in a video posted online this month.RELATED
The "charge attack" occurs when unsuspecting users plug their electronic devices into USB ports, or use USB cables that have been previously charged with a malicious program.
The malicious program proceeds to infect the device, giving them access to hackers. With that access, they can read and export your information, including your passwords, and even lock the device, making it impossible to use.
The "charge attack" takes advantage of the daily need to have a fully charged battery, said Liviu Arsene, a cybersecurity expert at BitDefender, a Romanian cybersecurity and antivirus software company.
Arsene advises not to use the USB cables that are already connected in the charging stations, or even those that are given as “promotional gifts”.
"You can easily mark these things to make them look identical to any other cable," Arsene explained, "when people see it, they don't think or expect it to be malicious."
Other ways to protect yourself include having your own chargers, connecting directly to an electrical outlet, and using portable batteries purchased from certified suppliers, Arsene said.
"Do not believe in everything you see, or in everything you touch," he said, noting that as of "black Friday," if something seems too good to be true, it probably is.
It is not just the cables that pose a risk to technology consumers. They are also the ports.
In the same way as scammers who steal debit card numbers using illegal card readers or “skimmers” at ATMs, hackers can easily boot USB ports and replace them with their own malicious devices, said Vyas Sekar, professor of CyLab, a security and privacy research institute at Carnegie Mellon University.
"If the attacker has physical access to the power outlet, it will be easy for him to modify it," says Sekar.
Although Arsene and Sekar said they were not sure of the periodicity with which this type of computer attacks happen, the increasing ubiquity of USB charging ports in places such as hotels, airports and public transport implies an increased risk of falling victim to this type of scams.
"People want the convenience of being able to charge their phones and tablets wherever they go," Sekar said, adding: "Obviously I would like that too, but there is a risk."
Sekar mentioned that consumers can also use protective devices for USB cables, known as "USB condoms."
"It's a pretty simple trick," he said. "Essentially, what these‘ USB condoms ’do is disable the USB charger data pin."
This means that the device's battery will be charged, but the cable cannot send or receive data.
"You can buy it for less than five dollars and it can really save you," Sekar said.
The Los Angeles County District Attorney's Office shared the same advice that cybersecurity experts offered to consumers, such as using electrical outlets and not a USB charging station, having your own AC adapters and car chargers, and carry a portable charger for emergencies.