The U.S. government is warning of the dangers of using public, free cellphone charging stations, such as airports, hotels and shopping centers. The FCC put out a statement, and local branches of the FBI are also expressing concern.
That's because cybercriminals are using the USB cables at these charging stations to hack into phones while they're charging.
Cybersecurity analyst Brian Krebs first coined the term "juice jacking" in a 2011 blog post, to refer to hacking into phones to steal data or infect them with malware.
"Juice jacking is basically a portable charger or a charger out there in the public that's been designed to look real," says Jim Stickley, a cybersecurity expert, told NPR. "It will actually charge your phone, but it's also either installing malware on your phone or stealing data off of your phone or other mobile device."
Stickley also told NPR that building these fake charging stations is pretty easy. He should know — he built one himself. He specializes in executing hacks and cybercrimes to assess companies' vulnerabilities, and says it took him only about an hour "to make the stand, get it set up and have it fully operational."
Most people do not think of a phone charging kiosk as a potential danger zone. As Krebs put it in that 2011 post, "Do you hesitate before connecting your phone to this unknown device that could be configured to read most of the data on your phone, and perhaps even upload malware? The answer, for most folks, is probably not."
While juice jacking is not new, Stickley suggests it's becoming more prevalent, possibly due to the increase in travel now that the COVID-19 restrictions have mostly been lifted.
"Wherever you see a lot of tourists, [you could] plant one of these devices," he warns.
So if you're feeling freaked out, here are four ways to avoid getting juice jacked: