One of the worst things that could happen to any weary traveler is to have a phone that's running low on battery life. We rely on our phones so much that getting cut off in the middle of nowhere is enough to throw us into a fit of panic.
Thankfully, public charging stations in airports, shopping malls and coffee shops are sprouting up everywhere, aiming to quench the electronic thirst of road-weary gadgets that are on the wrong end of the battery percentage bar.
Convenient and life-savers, for sure, but are these public charging stations safe?
Not exactly. Similar to why public Wi-Fi hotspots are risky, plugging your phone into a random USB charging port in an open area is not the safest thing in the world. While most of the legitimate charging stations are probably fine, it is possible that some could be configured to install malware on phones or even steal data via a process called "juice jacking."
Now, security researchers from KrebsOnSecurity are warning everyone about an even easier way for data thieves to snoop on your phone while using a public charging station.
The researchers are calling this method "video jacking" and it exploits a smartphone's HDMI video-out feature via the charging port.
By configuring a charging station with special equipment that splits the video signal as soon as you plug in an exploitable smartphone, attackers could record a video of everything you do on the phone while it's plugged in.
And we mean EVERYTHING, including your phone's PIN, passwords and account numbers you type, texts and emails you compose, basically any activity and keystroke you do on your phone while "charging" it.
As everyone knows, any character you type gets highlighted on your phone's virtual keyboard and even password characters are shown briefly on the screen. This makes this attack method extremely potent if executed successfully.
So is your phone vulnerable?
The standard used for this smartphone video-out through HDMI tech is called Mobile High-Definition Link (MHL).
Most newer Android phones have this MHL feature enabled by default so if you have one of these phones, you will have to be extra vigilant when charging via public USB stations.
Although some phones will display an "HDMI Connected" notification when the video-out via charging port feature is connected to a display, the researchers say that most phones will "display no warning at all."
It's not just Android phones that are vulnerable to this attack. iPhones and iPads can be "video jacked" too by concealing digital AV adapters such as Apple's Lightning to HDMI adapter under charging stations. It's still important that you don't let your guard down even if you don't have an Android device.
(A helpful list of current MHL compatible phones is available here.)
What can you do to prevent this?
Of course, your safest bet is to bring your own USB cable and charger and plug it directly into a wall outlet. If you're traveling, a phone charging kit is one of the essential things you'll need to bring anyway.
If you don't have your cable or charger or if there's no available wall outlet, another way to prevent fake charging stations from "juice jacking" and "video jacking" your phone is to simply turn it off and keep it off while you are connected. Just unplug then turn it on after an hour or so of charging.
To prevent "juice jacking" malware from downloading to your device while you are connected to a public charging station, you could opt for real-time protection that will monitor your device's activity for viruses, malicious software or unauthorized activity.