Hackers can steal phone data through public charging stations, expert warns

FACEBOOK.COM/NAIA TERMINAL-1

USB charging ports in public spaces like malls, airports, and hotels can leave Filipinos vulnerable to attackers who can “juice-jack” data or insert malware into their phones, a cybersecurity firm said.

“Trusting public charging kiosks with your smartphone carries a significant risk of personal information being retrieved or downloaded without consent,” Sean Duca, Palo Alto Networks’ vice president and chief security officer for Asia Pacific and Japan, said in a statement on Monday.

The Federal Bureau of Investigation (FBI) in the United States has released a public service announcement on Twitter meant for Americans, but Filipinos should also be informed because the country has many public establishments with free charging stations, according to Mr. Duca.

The threat of a “juice jack” attack exists everywhere people plug devices into untrusted ports, he added.

Data from the Department of Information and Communications Technology showed the Philippines monitored approximately 3,000 cyberattacks and detected around 54,000 cyberthreats in 2022. 

There is still no global data on how many people have been victimized by “juice-jacking” through USB charging ports.

A universal series bus or USB cable has two wires — for data transfer and for power, according to Palo Alto Networks’ e-mailed memo.

Once connected, seemingly normal notifications like an app asking permission to access files or an operating system asking to authorize a new update will be the malware’s way to trick people.

After being granted access, attackers can then “crawl into the victim’s files and applications to collect sensitive information, like bank account credentials or credit card details.”

Mr. Duca said that Filipino consumers have to be educated on such tactics, so they become smart about protecting their data. 

“The users are the last gate to keeping malware away, so it’s really important for them to think before they click and challenge why an app would request access to your personal information. As a mobile-savvy nation, Filipinos need to be prepared to handle this risk,” he added.

The Philippine National Police’s Anti-Cybercrime Group (PNP-ACG) previously released a cybersecurity bulletin on “juice-jacking,” which echoes both the FBI and Palo Alto Networks’ tips.

Victims in the Philippines can contact the PNP-ACG through their e-mail address acg@pnp.gov.ph for any inquiries, concerns, or reports related to “juice-jacking.” — Brontë H. Lacsamana