A laptop whose battery is exhausted or about to run out is reason enough for anyone to undertake a delirious race to get some way to charge the device. However, you should think twice before using that cable removed from the
charging station from the airport or from connecting to that
USB port from the hotel: cyber attackers, or hackers, may be on the prowl.
In the prelude to the busy holiday season, the Los Angeles County District Attorney's Office is
alerting travelers on
a scam made with USB chargers, also known as a "charge attack."
"A free charge may end up emptying your bank account," said Deputy District Attorney Luke Sisak in a video posted online this month.
The "charge attack" or
Juice jacking as it is known in English, happens when unsuspecting users plug their electronic devices into USB ports or use USB cables that have been previously loaded with a malicious program.
The malicious program proceeds to infect the device, which gives them access to hackers. With that access, cyber attackers can read and export your information, including your passwords, and even block the device, which makes it impossible to use it.
The "charge attack" takes advantage of the daily need to have the battery fully charged, said Liviu Arsene, cybersecurity expert at
BitDefender, a Romanian company of
and antivirus software.
Arsene advises not to use the USB cables that are already connected in the charging stations, or even those that are given as promotional gifts.
"In a simple way you can make these cables with malicious program look identical to any other cable," Arsene explained. "When people see it, they don't think or expect it to be risky."
Other ways to protect yourself include having your own chargers, connecting directly to an electrical outlet, and using portable batteries purchased from certified suppliers, Arsene said.
"Do not believe in everything you see, or in everything you touch," he said, and noted that as of Black Friday, if something seems too good to be true, it probably is.
It is not just the cables that pose a risk to technology consumers. They are also the USB ports.
In the same way as scammers who steal debit card numbers with illegal card readers or skimmers at ATMs, hackers can easily boot USB ports and replace them with their own malicious devices, said Vyas Sekar, a CyLab professor, a security and privacy research institute of Carnegie Mellon University.
"If the attacker has physical access to the power outlet, it will be easy for him to modify it," says Sekar.
Although Arsene and Sekar said they were not sure of the periodicity with which this type of computer attacks happen, the increasing ubiquity of USB charging ports in places such as hotels, airports and public transport implies an increased risk of being victims of this type of scams.
"People want the convenience of being able to charge their phones and tablets wherever they go," Sekar said, adding: "Obviously I would like it too, but there is a risk."
Sekar mentioned that consumers can also use protective devices for USB cables, known as "USB condoms."
"It's a pretty simple trick," he said. "Essentially, what these 'USB condoms' do is disable the USB charger data pin."
This means that the device's battery will charge, but the cable cannot send or receive data.
"You can buy it for less than five dollars and it can really save you," Sekar said.
The Los Angeles County District Attorney's Office
I shared the same advice that cyber security experts offered to consumers, such as using electrical outlets and not a USB charging station, having your own AC adapters and car chargers, and carrying a portable emergency charger.