"Juice Jacking" — Are USB ports on aircraft or even Amtrak safe?
 

When flying or on the train, I charge my iPhone and/or iPad while using it. Given the recent publicity about "juice jacking", are the USB ports on Delta or any airline as well as on trains (Amtrak, Deutche Bahn, etc) safe?

Snopes just chimed in.

They agree it's technically possible, but couldn't verify any reports of it happening; it's certainly not widespread

https://www.snopes.com/fact-check/ju...ecurity-issue/

"Juice-jacking" on trains and buses and planes would involve much the same kind of thing. But the issue with planes would be how would the data thieves get access to the data from "juice-jacking" fittings. It's way easier for criminals and others to get data from fixed station juice-jacking than from moving vehicles, but it wouldn't take much more to do it from train and bus USB ports than from fixed station locations. Airplanes would be more complicated, but where there is a will, there would be a way.

Aren't there still some power-only cables being sold out there for iOS devices? Either way, I tend to find a rechargeable portable battery with a cable or two to be fine by me.

I would have to assume that "juice-jacking" on moving vehicles is not the highest risk way for devices' data to be compromised and grabbed by criminals, governments, and so on -- even as it's technically possible and been done before.

If you're really concerned, and still want to use public usb ports, something like this might help...

If 12 bucks solves a problem, is it really a problem?

So it looks like the news is making this more of a big deal than it really is.

Feeding and fueling people's insecurities and hooking them to that and other such strong feelings is part and parcel of the business model to get and/or retain an audience -- be it the audience of social media platforms, of the online infotainment media aggregators/providers, or the audience of others who make their money and/or living on feeding and fueling people's insecurities and other such strong feelings.

Remember all the hype about Y2k leading to massive problems? It's only that now there are way more stories to sell to way more people in way more ways. It's good to be informed about what could happen and does happen but it's more important to put it in perspective of what it really means.

As usual. Fear = more viewers = more ad revenue

Current versions of iOS won't allow USB communication with a device you haven't explicitly authorized, and will require you to unlock your phone if it has been locked for more than an hour (by default at least). I think Android has similar restrictions.

If you're still worried, just use a regular outlet to charge with a charger you bring. I do that anyway, since many public USB ports may not provide the full 2A that the phone can take...and newer phones can take even more with the correct charger.

Does the current version of iOS even allow USB charging of a device without having explicitly authorized the phone's USB cable connection to a device? Or is that more of an issue when using third party USB cables than when using Apple's own cables?

Why would anyone care about your data and how would they retrieve it from a secured moving vehicle? Unless you're a diplomat or someone with a security clearance I would not be concerned.

FWIW - if it was a big deal, the CA AG would be the one speaking out. Why would a County DA have such opportunity?

This is truly a fake news.

Fnord!

People with nefarious or otherwise unscrupulous intent get their jollies and returns in various ways. That could be anything from such types hoping to get device owner’s naked selfies, to get device owner’s frequent flyer and other account info from their device-stored emails/notes, to get the calendar and travel history/plans of the device owner and thereby plot a home burglary when the device owner is known to most likely be gone, or who knows what else.

This. It's faster anyway.

Juice Jacking attacks, in practice, don't really happen on any sort of widespread basis. And since the USB outlet needs to be physically modified in order to be compromised, it's much less likely to happen in controlled environments like planes than other locations where the outlet can be easily accessed for a longer period of time. But if you insist on plugging into USB ports anyway, a power-only USB cable easily allays any concerns.

So if you're on an Amtrak train from DC to New York or an airplane from San Diego to Phoenix, at what point in your journey would the data be retrieved from the hacked port? How would they identify where you live? If they want to rob your house, what if you just happen to be a business traveler and have family at home manning the fort? Maybe a maintenance person could try this, but the by the time he or she got the data, it might have been days or weeks since you last used that port.

Stealing personal information in this way would be far too time-intensive and costly to be worth anyone's time. Anyone with the skills to pull this off is too smart to rob your house and can more easily hack your data online.