The FBI has warned people to avoid free public charging ports like the ones you might have used at airports and coffee shops before.
The U.S. domestic intelligence and security service said hackers “have figured out” how to use them to infect devices with malware and other surveillance software.
“Bring your own charger and USB cable and use a power outlet instead,” says its Denver branch.
The tweet was posted over the Easter weekend, when many Americans visit friends and family, but is not believed to be related to a specific increase in threat level.
But how careful should you be when charging your phone while you’re out and about? How do you stay safe while keeping your equipment powered on?
Sky News has sought some advice.
How dangerous are public charging stations?
Cybersecurity experts talk about two main methods of “hijacking” those using public USB ports.
The first is “juice jacking,” where criminals load malware onto public charging stations to gain malicious access to devices while charging.
The malware could then be used to steal account credentials, financial information, and other details.
The other is “videojacking,” in which a device hidden in a compromised charging point records footage of everything that happens while the device is plugged in — from entering a password to writing an email.
Check Point’s chief safety engineer, Muhammad Yahya Patel, told Sky News the public charging stations were rarely checked for signs of tampering.
“That’s what criminals are exploiting and relying on,” he said, “so it’s really important to be aware of that — and yes, avoiding public USB charging ports altogether is definitely good advice.”
WH Smith hit by cyber attack
Ransomware attack targets NHS
What about regular plugs?
While USB ports are increasingly a fixture at public charging stations, regular plug points are a safer bet.
That’s because USB cables are designed for data sharing and powering devices – which is why most phones will prompt you with a “Do you want to trust this device?” message when plugged in via USB.
Mr Patel said it was “extremely unlikely and very difficult” to conduct a malware attack through an ordinary three-pin socket that only provides power.
The same applies to devices such as tablets, laptops and portable gaming consoles, which increasingly use the same USB-C charging standard.
What else can I do to stay safe?
If you can afford to bring some extra tech gear with you on the road, there are also some safer options for keeping your devices charged.
Power banks and battery packs are becoming more portable and affordable.
The FBI recommends that people travel with a dedicated charging cable, which prevents any data from being received or sent while charging.
Mr Patel says data-blocking cable accessories basically apply the same buffer to any other cable – they’re essentially adapters that look a bit like retro USB thumbsticks.
“You can also get some extra protection by locking your device when it’s plugged in,” he added.
Will the risk increase?
While the FBI’s tweet was a standard public service announcement, experts warn that cybercriminals are getting better at targeting our data.
As more of us move more of our personal and work lives to our devices, the potential rewards for any hack will only grow, Mr Patel said.
“We’re now seeing blurred lines, with many people using personal devices for work purposes and even having a separate work phone, so there’s additional risk for businesses,” he said.
“If data is captured from that device, that could pose a risk to the organization you work for, as well as your own data, which is why it’s important for people to be fully aware of this.
“If you don’t know or don’t believe where it came from, don’t plug it in.”