The L.A. County District Attorney’s office put out a scary warning this week: That USB charger provided at airports, hotels, or other public locations could be loaded with malware that will hack your charging phone or tablet, reports ZDNet.
While that sounds scary, it may be nothing to worry about. Back in 2013, security researchers showed that a minicomputer disguised as a USB charging brick could install data-stealing malware on iPhones, which at the time were running iOS 6 or earlier. Apple took notice and promptly closed the loophole in iOS 7.
In another attack, called video jacking, what looks like a USB port is actually equipped to pull HDMI video from devices, allowing hackers to copy everything you do on the screen, such as enter passwords. This kind of attack has been shown to work but has never been seen in the wild. In discussing the theoretical hack in 2016, security guru Brian Krebs wrote that it might be worth using on specific people possessing highly valuable information. But, he said, “it doesn’t strike me as very likely that most mere mortals would have reason to worry about video jacking.”
All that said, why take chances? The best advice, provided by the DA’s office, is to simply bring your own USB charging brick and plug into an AC outlet, rather than a public USB port. What if you forget your charger? If you have a laptop with you, plug into its USB port. You can also stock up on charge-only USB cables that disable data transfer and only carry power. (If you lose cables like I do, you’ll have to buy more from time to time, anyway.)
One thing you should definitely not do is use any old USB cable you see lying around in public. With chips being so small these days, hackers have been able to hide circuitry in the cable that can pull data off your phone.
Should you plug into a USB port without protection, and you have an iOS device, do keep an eye out for a giant red flag. When you plug into anything that can access data, such as a computer, iOS will ask you if you want to “trust” the device. If you see that alert, unplug immediately, because you are connected to something other than an innocuous charger.