The dangers of plugging devices into open charging ports have been known for some time, but public awareness may remain limited. Photo: 123rf
A cyber security expert says he is surprised by how many people in New Zealand remain unaware of dangers posed by plugging phones into USB chargers in public spaces.
Public charging stations are conveniently dotted around the shops, airports and hotels across the country.
However, a recent tweet by the the Federal Bureau of Information (FBI) warning the US public to avoid using these due to the threat of hacking. It has also served to remind New Zealanders of the dangers of using public charging ports.
The FBI said "bad actors" had found ways to use these to introduce malware and monitoring software onto devices.
Cyber security agency Cert NZ has echoed the warnings. Threat and incident response team manager Jordan Heerspring told Checkpoint people should not to plug phones and laptops directly into those public USB charging ports.
"You should be bringing your own charging device, which you can plug into a wall socket, and then use that to charge your devices," he said.
"In the airports you'll see public charging stations, some hotels will have them even in the rooms. Some buses if they're nice fancy buses, and even some planes will have them. So all of them are safest to avoid, if you can."
Heerspring said it was not a particularly well-publicised piece of advice, even if long-standing.
"If I'm being completely honest, I thought this was fairly public knowledge. But talking to friends and family recently, I've discovered that there are a lot of people who aren't aware of this. I'm quite glad that there's been some conversation going around and raising that awareness for people."
He suspected the FBI warning reflected an increase in cyber attacks involving charging ports in the US.
However, the reality was most ports were probably fine to use in New Zealand, Heerspring said.
"We don't see a lot of these attacks, but they're really easy things to keep yourself safe from, our advices is it's best to avoid them."
Hackers have devised ways to infiltrate the bits of software and hardware behind the charging stations, so that an attacker can potentially these use to load either malicious software onto devices, or they can use that to extract data directly from devices, he said.
"With both of those methods, they'll be able to extract personal or other sensitive or financial information from your device if they are exploiting that particular charging station."
Cyber criminal could access the information remotely, or may have to return to the charging port, depending on the malware used, he said.
"It's kind of like building a road to the enemy camp. You can still have your gates up, so there's still some security measures that they'll have to bypass, but giving them their access invites them to do that."
Knowing your phone has been compromised is sometimes tricky, but there are some signs to look out for.
"There's a few things that are worth looking deeper into, like if your phone is operating quite slowly, noticeably more so than usual. Or if you get different apps or windows popping up that you don't expect or haven't told the device to do. That's worth getting investigated," he said.
Another piece of important advice was never plug a USB device into your phone or laptop if you did not know its source.
"If you find a USB device, a little USB key or get given one - especially if you don't completely trust that person - you shouldn't be putting that into your own laptops or phones or other devices at home," he said.
"More generically, keep two-factor authentication on your accounts and have good password hygiene and those three things, along with keeping your devices updated, so patching to the latest versions, will keep you protected from the majority of the attacks out there."
