A noted cybersecurity expert has claimed that the recent “juice jacking” media scare based on an FBI warning has “no evidence” to back it up.
Last week, the FBI office in Denver released a warning online that people should avoid using the free USB charging ports in public places, such as airports, hotels, or shopping centres. “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices,” they said.
The practice, which is known as “juice jacking,” could be prevented by using your own charger and USB cord, and connecting to a normal electrical outlet, instead of a USB plug, the FBI Denver office advised.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIDenver) April 6, 2023
The FCC issued a similar warning on Twitter this week. “Think twice before using public charging stations,” the FCC said. “Hackers could be waiting to gain access to your personal information by installing malware and monitoring software to your devices.” On their website, they even claimed that free charging cables could be compromised by hackers.
Think twice before using public charging stations. Hackers could be waiting to gain access to your personal information by installing malware and monitoring software to your devices. This scam is referred to as juice jacking. https://t.co/hzLl2ZFTB5#juicejacking
— The FCC (@FCC) April 11, 2023
The term “juice jacking” was coined in 2011, after cybersecurity researchers proved that such a hack was theoretically possible.
Following the post from the FBI and FCC, mainstream media accounts jumped on the story, such as CBS, ABC, The Guardian, Sky News, and others, with some declaring that the FBI warning was “urgent,” telling viewers and readers that bad actors had not only figured out how to use the ports, but “are” currently using them, “to steal your personal info.”
However, Marcus Hutchins, a British cybersecurity expert, most well-known for stopping the WannaCry ransomware attack in 2017, posted a video to social media, decrying the warning as like “the ‘drugs in Halloween candy’ of cybersecurity.”
“I’ve seen warning after warning about this attack, but I’ve never seen a single shred of evidence of a real attack occurring in real life,” Hutchins said. While he noted that it is “technically possible” to pull off, it’s “quite unreliable,” and argued that there was no real reason for a hacking doing so.
“Typically, when hackers hack someone’s phone they go after a specific victim, just like hacking random people’s phones is not particularly useful,” he concluded. “So it is something that could happen, in theory, but I think it’s pretty unrealistic, and all of these warnings are based on no evidence whatsoever.”
@malwaretech #stitch with @photogsteve81 Fun fact: this warning is based on an FCC warning thats based on an FBI warning thats based on a police warning thats based on nothing whatsoever
Hutchins even claimed in a comment that the FBI had told a journalist that they had no case reports of “juice jacking” ever taking place. An FBI official confirmed to Snopes that they had not seen any rise in complaints of the supposed practice.
In fact, when the Los Angeles District Attorney made similar warnings about juice jacking in 2019, TechCrunch reported that they also had “no cases” of it ever happening on their books, and quoted other cybersecurity experts who said that they had never seen “any evidence of malware being used in the wild on these things.”
