The TSA Issued a Warning About This Popular Device in Airports—Here’s What to Know

Not surprisingly, roughly 75% of U.S. travelers rely on their smartphone as their primary tech companion to keep entertained—well ahead of laptops (17%), tablets or iPads (17%) and portable gaming consoles (8%).

Conveniently, this pocket- (or purse-) sized device is ideal for accessing maps and language translation apps, reading messages, playing games and listening to music and podcasts, and it even doubles as your boarding pass.

Problem is, the TSA has issued a warning to smartphone users about a common practice at airports that could pose a serious threat—and it’s not just about accessing public Wi-Fi. Read on for a security expert’s warning about using smartphones at airports.

Get Reader’s Digest’s Read Up newsletter for more tech, travel, humor, money and fun facts all week long.

What warning did the TSA issue?

TRICIA TOMS/GETTY IMAGES

The Transportation Security Administration (TSA) recently took to Facebook to warn travelers about charging smartphones via USB ports at airports. Because “hackers can install malware [malicious software] at USB ports,” the post cautions.

These USB ports are found virtually everywhere at airports big and small: in restaurants and bars, in lounges, and often built into the chairs at the gate for when you’re waiting for your flight. USB-A or (smaller) USB-C ports at charging stations only require you to have your iPhone or Android cable. In some cases, there are wireless “Qi” charging pads to lay a compatible smartphone on, though these don’t pose a threat.

Wait, aren’t those USB ports literally provided by the airport?

Yes, usually. Or they’re supplied by an airline in their lounge.

“Juice jacking,” as it’s often called, isn’t a new concern, says Iskander Sanchez-Rola, Director of AI & Innovation for Norton, a leading cybersecurity company. “Warnings about ‘juice jacking’ have circulated for years from cybersecurity experts and even the FBI,” maintains Sanchez-Rola. “While these attacks are rare, they’re technically possible, and it only takes one compromised port to put your data at risk.”

Although it was not through a formal directive, Sanchez-Rola says the TSA warning should be taken seriously, “urging travelers to avoid public USB charging stations due to the risk of malware and monitoring software.”

Reader’s Digest reached out to the TSA for comment but was advised “we have nothing further [to share] on this at this time.”

How real is this threat?

There aren’t any publicly available statistics on how big a threat this is, but Sanchez-Rola agrees, “there is a risk.”

“Public USB charging ports, like the ones you see at airports or on planes, can be tampered with to install malware or extract data from your phone,” he adds. “Now, is it widespread? No. But you could be one click or one plug away from an attacker getting access to your files, contacts or worse.”

Not everyone agrees. In a blog post titled “You’ve Been Misled: TSA’s Airport USB ‘Juice Jacking’ Warning Is Just Media Hype,” travel expert Gary Leff says TSA’s warning about juice jacking is “mostly an urban legend.”

“While it’s theoretically possible” that a compromised USB port could be used to transfer malicious software to your device or to steal data directly, “confirmed cases don’t appear to be well-documented,” says Leff, co-founder of frequent flyer community InsideFlyer.com who was named one of the “World’s Top Travel Experts” by Condé Nast Traveler.

How would “juice jacking” even work?

As for what could potentially happen, Sanchez-Rola says, “when you plug your phone into a USB port, you’re potentially opening a data connection—not just a powered one—and so if that port is compromised, it’s like giving a stranger access to your device.”

Then, the cybercriminal could drop malware on your phone, watch what you type or even lift files or data without your knowledge.

“Don’t assume every USB port is just about electricity,” adds Sanchez-Rola. “In more advanced cases, the malware might clone your entire phone data, everything from your GPS location and recent purchases to your social media activity, photos, call logs and more.”

This could lead to identity theft, Sanchez-Rola says: “If they’re able to transfer that information back to their own device, that’s more than enough to impersonate you or gain access to your accounts.”

What do experts recommend doing instead?

It’s always advisable to err on the side of caution, so don’t use USB chargers at airports or even on the airplane itself.

Instead:

• Use your own charger and plug directly into a standard wall (AC) outlet. This avoids any data connection entirely.
• Choose a different method to charge your phone, such as carrying a power bank (i.e. back-up battery), especially for long flights or layovers. Just be sure to check your airline’s guidelines on how to pack these, as the rules are evolving.
• Consider a “USB data blocker” (or a charge-only cable), if you must use a public port. This is like a small “middleman” device that’s attached in between your USB cable and the USB charging port. It blocks any data transfer while still allowing power to flow.
• Install mobile security software on your smartphone and other devices, like Norton Mobile Security or Norton 360 for Mobile, both of which can help detect and block suspicious apps or activity, and protect your personal information.
• Apple users can enable Lockdown Mode, which provides enhanced protection against advanced threats such as juice jacking by blocking USB data access—unless the device is unlocked and explicitly trusted.

“Making these small changes is like wearing a seatbelt,” says Sanchez-Rola. “You’ll be glad you had it if something does go wrong.”

What else should you do to stay safe at the airport?

LECHATNOIR/GETTY IMAGES

Avoid free Wi-Fi networks while traveling, the TSA warns, as it’s safer to use your cellular data than a publicly shared network.

You can also use your smartphone’s cellular connection to wirelessly get online on a laptop, by turning it into a “personal hotspot,” which is more secure than public Wi-Fi hotspots. Data rates will apply, though. (While traveling overseas, renting an eSIM for your smartphone is an inexpensive way to stay connected and protected.)

Any communal Wi-Fi network is a threat, especially if it doesn’t require a password to enter, as you may be joining a hacker’s hotspot that could compromise the data on your laptop, tablet or phone. For instance, the network may be called something like “LaGuardia Airport Free,” but it could be someone on their laptop who set up a phony network.

If you must use public Wi-Fi, at the very least use a Virtual Private Network (VPN), which is a small piece of software that conceals your online identity; it uses “encryption” technology to scramble your data, making it unreadable to anyone who tries to access it, which includes hackers and other cybercriminals. While you’re at it, avoid making any financial transactions, such as online banking.

RELATED:

• This Common Gadget Is Banned in Checked Luggage—Here’s What You Need to Know
• The TSA Will Toss These Trendy Skin-Care Products If You Try to Carry Them On
• New Survey: Here’s Exactly How Much Time You’ll Save at the Airport with TSA PreCheck

Why trust us

Reader’s Digest has published hundreds of articles on personal technology, including tips, tricks and shortcuts for getting the most out of computers, televisions, smart home gear, smartphones, apps, texting, social media and more. We rely on credentialed experts with personal experience and know-how as well as primary sources including tech companies, professional organizations and academic institutions. We verify all facts and data and revisit them over time to ensure they remain accurate and up to date. For this piece, Marc Saltzman tapped his 30 years of experience as a technology journalist, the author of several books and the host of the syndicated Tech It Out radio show and podcast to ensure that all information is accurate and offers the best possible advice to readers. Read more about our team, our contributors and our editorial policies.

Sources:

• Cybernews: “Over 20% of commuting Americans say strangers peek at their devices in public”
• Transportation Security Administration Warns Against USB Ports
• View from the Wing: “You’ve Been Misled: TSA’s Airport USB ‘Juice Jacking’ Warning Is Just Media Hype”
• Apple Support: “About Lockdown Mode”

giuliano2022/Getty Images

Why Not to Use a Lock on Your Luggage

NATHAN BILOW/GETTY IMAGES

Avoid This Mistake with Your Boarding Pass

Spencer Platt/Getty Images

What the TSA Does with Confiscated Items