We all learned as children that we shouldn’t take candy from strangers. It turns out we shouldn’t take charging cables from them either. According to Charles Henderson, Global Managing Partner and Head of X-Force Red at IBM Security, “There are certain things in life that you just don’t borrow. If you were on a trip and realized you forgot to pack underwear, you wouldn’t ask all your co-travelers if you could borrow their underwear. You’d go to a store and buy new underwear.” Henderson says that even a seemingly harmless charging cable may infect your machine and allow the bad guys to steal your data.
Hackers have found ways to put malware on charging cables in order to hijack computers and other devices. These cables look like legitimate cables and appear to work the same way. However, they install malware on the victim’s device that allows the hacker to take control as if they were sitting at the keyboard.
Currently the problem of malicious charging cables is not widespread because it requires manual work to modify the cables and it is not easily scalable. However, creating these cables is cheap and easy, so it has the potential to become a greater problem. A bigger threat at the present time are the USB charging stations found in public places such as airports.
The Federal Communications Commission (FCC) recommends the following advice to charge your devices safely:
- Use an AC power outlet instead of a USB charging station.
- Bring your own charging and USB cables with you when travelling.
- Carry a portable charger or external battery.
- Consider carrying a cable that does not transmit data and can only be used to charge your device.
“Being careful about what you plug into your devices is just good tech hygiene,” says Charles Henderson. “Think of it in the same way that you think about opening mail attachments or sharing passwords. In a computing context, sharing cables is like sharing your password, because that’s the level of access you’re crucially conveying with these types of technology.”