Experts say don't leave your devices open to cyberattacks from hackers anxious to steal your information.
We've all been there. The battery percentage on your mobile is in the red and you forgot your charger. And, you're expecting an important call. Luckily, you remember there's a public charging station at the discount department store at the local strip mall.
Your mobile service sucks in the area you happen to be in, and you just need Wi-Fi. You comb your memory bank trying to remember restaurants and stores that offer free Wi-Fi. There's that at least.
Whew. Thank goodness, right?
We spoke to experts who weighed in on the risks you take when you plug into a public charging station or piggyback onto the strongest available Wi-Fi. Here's what you should and shouldn't do.
Tapping that public (charging) resource
Kurtis Minder, CEO and co-founder of the security firm GroupSense, noted that there are public charging stations at logistic places like FedEx, as well "as semi-public charging stations in office lobbies and conference rooms."
Liz Hamilton of the cellphone repair company Mobile Klinik added that
Don't forget "conference centers and event venues," said Kate Sullivan, head of experience at the Otis Travel Group. Places like "the Javits Center in NYC," or the many event halls in Las Vegas. "Buses and subways are adding charging stations," in Europe and the UK and on the MegaBus and Greyhound.
It's a commerce thing
Why are so many venues offering to let customers charge their phones?
"Many store owners provide public charging stations as a convenience to customers," Smith explained. "Charging stations allow customers to spend more time, and presumably more money, in the store."
Why charging stations are a risk
"The problem with malicious USB charging stations," Smith said, was recently highlighted by the Los Angeles District Attorney, who warned travelers to avoid public charging stations.
"Most people assume that a public USB station is only used for providing power to a mobile device," Smith said. "However, a malicious USB charging station could use a device capable of reading data from a user's phone or mobile device. In addition to stealing data, a USB charging station could transfer malicious software to the charging device."
Ted Wagner, vice president and CISO, enterprise security at SAP National Security Services, noted that hackers have started targeting public charging hubs with viruses that infect the plugged-in device, enabling them with access to its contents.
SEE: Business pro's guide to hassle-free travel (free PDF) (TechRepublic)
"Giving hackers tangible access makes it all the more feasible for them to grab your data," Wagner added. "Cybercrooks are then able to simply remove the desired data and even render your device unusable after doing so."
ExpressVPN Vice President Harold Li said: "Public USB charging stations often have hardware installed on the other end, which provides a data connection, in addition to power, through the same USB port which you use for charging. Think about it as connecting your phone to a computer you do not trust."
Smith suggested to avoid public charging stations and use your own AC adapter with a USB cable.
This approach ensures that the mobile device receives electricity but does not transfer any data. Use power-only USB cables, designed to provide power, but lack the necessary wiring for transferring data.
Some mobile phone manufacturers, "provide warning messages or popups to alert a user that a USB connection wants to transfer data in addition to power," he added
"Carry your own charger and plug it into an electricity outlet instead of a USB outlet," Li said. There's "a cable that carries the electricity, but no data and devices called 'USB condoms' that block any data transfer and only allow power to flow through."
A private eye and former Secret Service agent, Darrin Giglio, doesn't mince words: "Don't use public charging stations. If you absolutely must use one, turn your phone completely off. It will charge and your data will be safe."
Tapping that public (Wi-Fi) resource
"Publicly available Wi-Fi [can be] free, convenient, and helps remote workers focus by giving them a relaxing environment to work in," said Will Ellis, an IT security consultant and the founder of Privacy Australia. " The most important con about using public Wi-Fi is a lack of security. Connecting your devices to a publicly available source puts you at risk of cyberattack."
"Be careful of public Wi-Fi," Caleb Barlow, a security expert and former IBM executive and current CEO of CynergisTek, said, "particularly when traveling outside of the country."
"Hold off on banking or other transactions until you are on a Wi-Fi connection that you trust or are back at home," Barlow said. "Unencrypted Wi-Fi connections always come with the potential a 'man-in-the-middle' is watching the connection."
Wagner said: "Public Wi-Fi, unfortunately, has become an avenue for cybercriminals to steal information, including credit card information, passwords and other personal credentials. This attack vector is known as 'Juice Jacking.'"
"The same features that make free Wi-Fi hotspots desirable for consumers make them desirable for hackers," Li said, "it requires no authentication to establish a network connection."
"Hackers can get unfettered access to unsecured devices on the same network," Li added. "The biggest threat to free Wi-Fi security is the 'man-in-the-middle' attack. The hacker can access any unencrypted information you're sending or receiving using the Wi-Fi network, possibly including emails, credit-card information, login details and more."
"Whatever you do," Hamilton warned, "remember, there is no privacy on public Wi-Fi."
"Disable auto-connect so you don't automatically connect to Wi-Fi-networks you pass during the day," Barlow said.
"Instead of using networks, if you're working out of town," Hamilton said, "check in advance if your office offers a VPN service, which uses encryption to create a secure network. If it's not work-related, [turn] off your sharing and Wi-Fi settings and use your data plan."
You can also invest in your own VPN.
Hamilton added: "Most phone plans offer either unlimited data or ad-hoc purchases of large blocks of data. [Don't use] all of it at once, but plan ahead and buy extra data when you need it because at the end of the day, when your personal information may be at risk, that's not the time to save on your data fees."
Sullivan of the Otis Travel Group reminded "any password you send over a public network can be hijacked, so even checking your email if you need to log in, rather than being logged in already, can be a little dangerous."
In summation: Beware
"Ultimately," Minder said, do "not trust either of these mediums [public charging stations/public Wi-Fi].
"The best policy is to trust nothing. If you must use public Wi-Fi, have endpoint protection, a firewall and a VPN. If you must use public chargers, use a USB condom."
For more, check out Top 5: Ways to keep your data safe while traveling on TechRepublic.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)