Los Angeles District Attorney officials issued a notice announcing that the public smartphone charging dock is not safe. The agency believes that a convenient USB charging interface can infect users with malware. However, there are currently no examples to point out where this happens. On Friday, the Los Angeles District Attorney’s Office warned travelers not to use public USB cradle because these devices may be infected with malware, stealing data or locking the phone.
In juice jacking, criminals load malware onto the charging dock, potentially infecting unsuspecting users’ phones and other electronic devices. Malware may lock the device Or export data and passwords directly to the fraudster.
The Los Angeles District Attorney’s Office acknowledges that it has not encountered any instances of infecting someone’s device through the Los Angeles charging station. It told TechCrunch that there were some cases on the East Coast of the United States but could not provide any verifiable details, such as location or date. In addition, security researcher Kevin Beaumont said in a tweet that he had never seen evidence that the public smartphone charging dock used malware.
I haven’t seen any evidence of malware being used in the wild on these things. It would be helpful if they could share evidence.
— Kevin Beaumont (@GossiTheDog) November 14, 2019
But this is not to say that there is no such possibility. Several researchers have developed and demonstrated modified or cloned chargers and charging cables that can “sniff” data remotely or execute commands on the device, but these are just proof-of-concept projects.
It is not the first time that the US authorities have issued consultations for similar reasons. As early as 2016, the FBI issued a warning after security researcher Samy Kamkar demonstrated his KeySweeper proof of concept. It is an Arduino board that is small enough to fit into the USB charger’s case. The charger can secretly record the tap data of nearby Microsoft wireless keyboards.