Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,962
39,958


The United States Federal Bureau of Investigation (FBI) last week warned users to stay away from public USB ports due to malware risks. On Twitter, the Denver FBI office (via CNBC) said that public charging stations in hotels, airports, and shopping centers can be a malware attack vector.

lightning-connector-feature-blue.jpg

Bad actors have learned to use public USB ports to "introduce malware and monitoring software onto devices," the FBI said. When out in public, users should bring their own charger and USB cord, using an electrical outlet for charging purposes instead of a public USB port.

Apple's iPhones and Macs have a USB security feature that prevents the Lightning port from being used for data transfer purposes when it has been more than an hour since the device was unlocked, but this does not prevent malware installation if you are actively using your device and connect to a public port.


If a public USB port is used to transfer malware to a computer, tablet, or smartphone, hackers can gain access to sensitive data on the device, siphoning usernames and passwords, hijacking email, stealing money from online accounts, and more.

The only way to stay safe is to use your own USB cable to charge in public spaces, which effectively prevents this potential method of attack.

The FBI has a similar warning on its website, noting that people should not use free charging stations. The FBI also warns against using public Wi-Fi for sensitive transactions, opening suspicious documents, using the same password for all accounts, and clicking unsolicited links in text messages and emails.

Article Link: FBI Warns Against Using Public USB Ports Due to Malware Risk
 
Last edited:


The United States Federal Bureau of Investigation (FBI) last week warned users to stay away from public USB ports due to malware risks. On Twitter, the Denver FBI office (via CNBC) said that public charging stations in hotels, airports, and shopping centers can be a malware attack vector.

lightning-connector-feature.jpg

Bad actors have learned to use public USB ports to "introduce malware and monitoring software onto devices," the FBI said. When out in public, users should bring their own charger and USB cord, using an electrical outlet for charging purposes instead of a public USB port.

Apple's iPhones and Macs have a USB security feature that prevents the Lightning port from being used for data transfer purposes when it has been more than an hour since the device was unlocked, but this does not prevent malware installation if you are actively using your device and connect to a public port.


If a public USB port is used to transfer malware to a computer, tablet, or smartphone, hackers can gain access to sensitive data on the device, siphoning usernames and passwords, hijacking email, stealing money from online accounts, and more.

The only way to stay safe is to use your own USB cable to charge in public spaces, which effectively prevents this potential method of attack.

The FBI has a similar warning on its website, noting that people should not use free charging stations. The FBI also warns against using public Wi-Fi for sensitive transactions, opening suspicious documents, using the same password for all accounts, and clicking unsolicited links in text messages and emails.

Article Link: FBI Warns Against Using Public USB Ports Due to Malware Risk


I feel like this is something that's been known in tech circles for years..

I've been trying to explain this to my customers, family, and friends for years now..

Maybe they'll actually pay attention to this?

Probably not, but it can't hurt.
 
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.

FBI Warns Against Using Public USB Ports Due to Malware Risk​

...and asks everyone to use their personal, FBI-certified USB cables which will be shipped out to them in the coming weeks...
Let's call this FBI derangement syndrome (FDS) since you chose to make this political even though it really did not have to be.
 
Last edited by a moderator:
I've yet to find a good one for USB-C though - you end up charging at like 5V 1A because it can't negotiate USB-PD protocol without the data lines :-/
PortaPow seems to be the most popular brand, but none of the USB-C versions I'm aware of support "Quick Charge" functions.
 
  • Like
Reactions: djc6
How do i know what cable i am buying ?
You can always test the cable at home connecting your phone to your computer. If the phone doesn't ask for authorization or doesn't automatically connect, it's most likely power only. They also sell power only cables.

Someone handy with an Xacto knife can cut open a regular USB cable and snip the data cables--usually the green and the white. The red is power, the black is ground. Usually.
 
  • Like
Reactions: wyrdness
Or get a data blocker, if the cable can be unplugged.

ALWAYS use a data blocker in a rental car as the head units tend to gulp everything they can off any devices connected to them. Amazon has a bunch of data blockers if you look for them. (They just connect to the power leads of the USB port. Although I understand some devices won't charge if they aren't also connected to data lines. There is a shim for that in some blockers, but even still, some devices just will not charge unless there is also data connectivity:rolleyes:)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.