An iPhone's Lightning port
AppleInsider may earn an affiliate commission on purchases made through links on our site.
The FBI has again warned the public against using public USB ports to recharge an iPhone, with "juice jacking" attacks infecting mobile devices connected to the ports.
Many people will be familiar with malicious apps and online attacks performed over the Internet, and that physical attacks are possible but rarer. However, despite this apparent knowledge, many still leave their devices open to potential attack by using public recharging points.
In a warning issued via Twitter on April 6, The Federal Bureau of Investigation's Denver office posted a warning to "avoid using free charging stations in airports, hotels, or shopping centers." The FBI believes bad actors have "figured out ways to use public USB ports to introduce malware and monitoring software onto devices."
The idea is that a USB charging point could be compromised by an attacker. Since the public doesn't necessarily believe a seeming power source available for free use could be malicious, the device owners will use the connection without contemplating whether attacks could be made on their hardware.
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIDenver) April 6, 2023
The concept of a connection-based attack isn't new, as it has been around for many years. It's also not limited just to USB charging points, as a maliciously-crafted cable could even be used to the same effect.
Various US agencies have been warning against "juice jacking" for over a year.
How to protect against "juice jacking"
Apple does include "Trust this device" prompts that appear in iOS and iPadOS when you connect a new accessory to it, which does prevent any data transfers from occurring. If such a notice appears on a device connected to what should be a power-only USB port, you should disconnect it immediately.
However, it is also possible for the notification to be bypassed, if the attack itself is sophisticated enough.
Furthermore, if you're actively using the iPhone while it is plugged in, you may not necessarily see the prompt at all.
To combat the potential attacks, the FBI recommends using your own charger and USB cable to receive power from an electrical outlet, rather than trust a potentially compromised component.