CASCADE TOWNSHIP, Mich. (WOOD) — If your phone’s running out of juice, a USB charging station at an airport can be a lifesaver. But next time you need to charge your phone on the go, you should come up with a backup plan, the FBI says.

The FBI is warning people not to use USB charging stations at airports, hotels and shopping centers. It’s because of “juice jacking,” a process where hackers manipulate the USB ports to put malware on people’s phones and copy their data.

“There are malicious people out there,” said Richard Maloley, a senior security consultant with OST, an IT firm in Grand Rapids. “There are malicious actors out there. You don’t want to get caught in their web.”

A work area at Gerald R. Ford International Airport near Grand Rapids. (April 12, 2023)
A work area and charging station at Gerald R. Ford International Airport near Grand Rapids. (April 12, 2023)

The FBI warning is part of an effort to make sure your personal data, like your credit card information, passwords, pictures, videos and more, doesn’t get into the wrong hands.

“You could lose your data potentially that way or you could potentially have malware installed,” Greg Gogolin, the director of cybersecurity and data science at Ferris State University, said. “Wipe out bank accounts. Charge out credit cards.”

Cybersecurity experts say they’ve known for about five years that juice jacking is possible.

“It’s been proven you can, in fact, create a malicious device where you plug in your phone and during the charging process, it can take over that device,” Maloley said.

If you’ve already plugged your phone in to a USB port in public, you’re probably OK, Maloley said.

“Ninety-nine percent of us are OK,” Maloley said. “It’s more in theory. I’m not aware of this happening anywhere in the United States right now. It’s just a possibility. Again, if you don’t control it, if it’s not yours, don’t trust it.”

Just the fact that it’s possible has some concerned. Maloley said it’s best to stay on the safe side, keeping your phone up to date and using your own block to plug your phone into an outlet.

“Do you just jump into murky water?” Maloley said. “Same concept. Just practice the safe concept. If you don’t understand, if you don’t know what it is, if you’ve never seen it before, ignore it, don’t go towards it, don’t enable it and don’t accept it.”

“Basic security,” Maloley added. “Trust but verify. If you don’t control it, you can’t really trust it, so you’re better off going with what you do have in your possession, what you do trust in your possession.”

A USB cord has four cables inside of it, two for power and two for transferring data. You can purchase a special cord made only for power to protect yourself.

“They might call them a data blocker cord,” Gogolin said. “They don’t have the extra pins in them to allow both charging and data access. You could use one of those and probably live safely.”

The FBI also recommends plugging into a power outlet. Gogolin agreed it’s smart to stay cautious to keep your data safe.

“Think about being without your phone for a couple of hours and you can find a different method to charge versus the hours and hours and days you could have wrapped up into some sort of exposure,” Gogolin said.

In a Wednesday statement to News 8, Gerald R. Ford International Airport near Grand Rapids encouraged travelers to stay cautious:

“The Gerald R. Ford International Airport is aware of the issue of “juice jacking,” and has been diligent in training our staff on cybersecurity issues,” said Alex Peric, the chief operating officer for the airport. “We encourage guests to use their own cords and plugs for electrical outlets and should never use a cord or other type of electronic equipment left behind by someone else. We encourage travelers to remain vigilant and look twice before plugging in a device to be sure that the infrastructure is free from signs of tampering, passengers should report any suspected tampering with charging stations to gfiainfo@grr.org or by calling 616.233.6000.”

Ford Airport

Sometimes you can tell if a USB port has been tampered with, Maloley said.

“If it’s an amateur doing it, they’re going to leave some marks,” he said. “You’re going to see scuff marks around the charging area. You’re going to see an obvious it got cracked or it got broke in some way.”

If juice jacking does happen to you, you might not be able to tell.

“If data was just transferred, you probably wouldn’t know,” Gogolin said. “You might get an increase in spam calls or something like that. You might find there are charges to your account you didn’t authorize that may have been a result of that data transfer.”

If your phone is infected with malware, it’s a different story.

“Depends on type of malware and purpose,” Gogolin said. “If it’s ransomware and they lock your phone and you can’t get in, clearly you’re going to know. You might also be infected with cryptominer software where they’re using your phone power to mine cryptocurrency, which will degrade the performance of your phone.”

Maloley said you should also be cautious when using public Wi-Fi networks. Because those are less secure, it’s best not to do online banking or anything sensitive.

He then stressed you shouldn’t worry about juice jacking but should stay cautious.

“Again 99% of the time, you’re going to be fine,” Maloley said. “But just to be on the safe side, bring your own charger. You’ll need it anyways.”

**A previous version of this article misspelled Maloley’s last name. We regret the error, which has been fixed.