Go Back  FlyerTalk Forums > Travel&Dining > Travel Technology
Reload this Page >

"Juice Jacking" — Are USB ports on aircraft or even Amtrak safe?

"Juice Jacking" — Are USB ports on aircraft or even Amtrak safe?

Old Nov 19, 2019, 6:34 am
  #1  
A FlyerTalk Posting Legend
Original Poster
 
Join Date: Mar 2001
Posts: 55,189
"Juice Jacking" — Are USB ports on aircraft or even Amtrak safe?

When flying or on the train, I charge my iPhone and/or iPad while using it. Given the recent publicity about "juice jacking", are the USB ports on Delta or any airline as well as on trains (Amtrak, Deutche Bahn, etc) safe?
Analise is offline  
Old Nov 19, 2019, 7:07 am
  #2  
FlyerTalk Evangelist
 
Join Date: May 2001
Location: MSY; 2-time FT Fantasy Football Champ, now in recovery.
Programs: AA lifetime GLD; UA Silver; Marriott LTTE; IHG Plat,
Posts: 14,508
Snopes just chimed in.

They agree it's technically possible, but couldn't verify any reports of it happening; it's certainly not widespread

https://www.snopes.com/fact-check/ju...ecurity-issue/
nancypants and hhdl like this.
swag is offline  
Old Nov 19, 2019, 7:10 am
  #3  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,103
Originally Posted by Analise
When flying or on the train, I charge my iPhone and/or iPad while using it. Given the recent publicity about "juice jacking", are the USB ports on Delta or any airline as well as on trains (Amtrak, Deutche Bahn, etc) safe?
"Juice-jacking" on trains and buses and planes would involve much the same kind of thing. But the issue with planes would be how would the data thieves get access to the data from "juice-jacking" fittings. It's way easier for criminals and others to get data from fixed station juice-jacking than from moving vehicles, but it wouldn't take much more to do it from train and bus USB ports than from fixed station locations. Airplanes would be more complicated, but where there is a will, there would be a way.

Aren't there still some power-only cables being sold out there for iOS devices? Either way, I tend to find a rechargeable portable battery with a cable or two to be fine by me.

I would have to assume that "juice-jacking" on moving vehicles is not the highest risk way for devices' data to be compromised and grabbed by criminals, governments, and so on -- even as it's technically possible and been done before.

Last edited by GUWonder; Nov 19, 2019 at 7:15 am
GUWonder is offline  
Old Nov 19, 2019, 10:35 am
  #4  
 
Join Date: Sep 2008
Location: Long Island, NY
Programs: Marriott Titanium Elite/Lifetime Titanium, Delta Platinum Medallion, Hertz #1 Gold
Posts: 720
If you're really concerned, and still want to use public usb ports, something like this might help...

Amazon Amazon
TGarza likes this.
IslesFan is offline  
Old Nov 19, 2019, 10:45 am
  #5  
FlyerTalk Evangelist
 
Join Date: Jun 2013
Posts: 17,254
Originally Posted by IslesFan
If you're really concerned, and still want to use public usb ports, something like this might help...

https://www.amazon.com/gp/product/B0...?ie=UTF8&psc=1
If 12 bucks solves a problem, is it really a problem?
rickg523 is offline  
Old Nov 19, 2019, 11:19 am
  #6  
A FlyerTalk Posting Legend
Original Poster
 
Join Date: Mar 2001
Posts: 55,189
So it looks like the news is making this more of a big deal than it really is.
Analise is offline  
Old Nov 19, 2019, 11:25 am
  #7  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,103
Originally Posted by Analise
So it looks like the news is making this more of a big deal than it really is.
Feeding and fueling people's insecurities and hooking them to that and other such strong feelings is part and parcel of the business model to get and/or retain an audience -- be it the audience of social media platforms, of the online infotainment media aggregators/providers, or the audience of others who make their money and/or living on feeding and fueling people's insecurities and other such strong feelings.

Remember all the hype about Y2k leading to massive problems? It's only that now there are way more stories to sell to way more people in way more ways. It's good to be informed about what could happen and does happen but it's more important to put it in perspective of what it really means.
Analise, trooper, KRSW and 2 others like this.
GUWonder is offline  
Old Nov 19, 2019, 11:25 am
  #8  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: ORD
Posts: 14,195
Originally Posted by Analise
So it looks like the news is making this more of a big deal than it really is.
As usual. Fear = more viewers = more ad revenue

Current versions of iOS won't allow USB communication with a device you haven't explicitly authorized, and will require you to unlock your phone if it has been locked for more than an hour (by default at least). I think Android has similar restrictions.

If you're still worried, just use a regular outlet to charge with a charger you bring. I do that anyway, since many public USB ports may not provide the full 2A that the phone can take...and newer phones can take even more with the correct charger.
Analise, trooper, KRSW and 2 others like this.
gfunkdave is offline  
Old Nov 19, 2019, 11:34 am
  #9  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,103
Originally Posted by gfunkdave
As usual. Fear = more viewers = more ad revenue

Current versions of iOS won't allow USB communication with a device you haven't explicitly authorized, and will require you to unlock your phone if it has been locked for more than an hour (by default at least). I think Android has similar restrictions.

If you're still worried, just use a regular outlet to charge with a charger you bring. I do that anyway, since many public USB ports may not provide the full 2A that the phone can take...and newer phones can take even more with the correct charger.
Does the current version of iOS even allow USB charging of a device without having explicitly authorized the phone's USB cable connection to a device? Or is that more of an issue when using third party USB cables than when using Apple's own cables?
GUWonder is offline  
Old Nov 19, 2019, 12:16 pm
  #10  
formerly Sleepy_Sentry
 
Join Date: Jul 2011
Posts: 613
Originally Posted by Analise
When flying or on the train, I charge my iPhone and/or iPad while using it. Given the recent publicity about "juice jacking", are the USB ports on Delta or any airline as well as on trains (Amtrak, Deutche Bahn, etc) safe?
Why would anyone care about your data and how would they retrieve it from a secured moving vehicle? Unless you're a diplomat or someone with a security clearance I would not be concerned.

Last edited by danielflyer; Nov 19, 2019 at 12:34 pm
danielflyer is offline  
Old Nov 19, 2019, 12:26 pm
  #11  
FlyerTalk Evangelist
 
Join Date: Aug 2009
Location: ZOA, SFO, HKG
Programs: UA 1K 0.9MM, Marriott Gold, HHonors Gold, Hertz PC, SBux Gold, TSA Pre✓
Posts: 13,811
Originally Posted by Analise
So it looks like the news is making this more of a big deal than it really is.
FWIW - if it was a big deal, the CA AG would be the one speaking out. Why would a County DA have such opportunity?

This is truly a fake news.
Analise likes this.
garykung is offline  
Old Nov 19, 2019, 12:30 pm
  #12  
FlyerTalk Evangelist
 
Join Date: Jun 2013
Posts: 17,254
Fnord!
rickg523 is offline  
Old Nov 19, 2019, 1:53 pm
  #13  
Suspended
 
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,103
Originally Posted by Sleepy_Sentry
Why would anyone care about your data and how would they retrieve it from a secured moving vehicle? Unless you're a diplomat or someone with a security clearance I would not be concerned.
People with nefarious or otherwise unscrupulous intent get their jollies and returns in various ways. That could be anything from such types hoping to get device owner’s naked selfies, to get device owner’s frequent flyer and other account info from their device-stored emails/notes, to get the calendar and travel history/plans of the device owner and thereby plot a home burglary when the device owner is known to most likely be gone, or who knows what else.
GUWonder is offline  
Old Nov 19, 2019, 2:05 pm
  #14  
FlyerTalk Evangelist
 
Join Date: Apr 2009
Location: Bye Delta
Programs: AA EXP, HH Diamond, IHG Plat, Hyatt Plat, Marriott Plat, Nat'l Exec Elite, Avis Presidents Club
Posts: 16,247
Originally Posted by gfunkdave
As usual. Fear = more viewers = more ad revenue

Current versions of iOS won't allow USB communication with a device you haven't explicitly authorized, and will require you to unlock your phone if it has been locked for more than an hour (by default at least). I think Android has similar restrictions.

If you're still worried, just use a regular outlet to charge with a charger you bring. I do that anyway, since many public USB ports may not provide the full 2A that the phone can take...and newer phones can take even more with the correct charger.
This. It's faster anyway.

Juice Jacking attacks, in practice, don't really happen on any sort of widespread basis. And since the USB outlet needs to be physically modified in order to be compromised, it's much less likely to happen in controlled environments like planes than other locations where the outlet can be easily accessed for a longer period of time. But if you insist on plugging into USB ports anyway, a power-only USB cable easily allays any concerns.
javabytes is offline  
Old Nov 19, 2019, 2:12 pm
  #15  
formerly Sleepy_Sentry
 
Join Date: Jul 2011
Posts: 613
Originally Posted by GUWonder
People with nefarious or otherwise unscrupulous intent get their jollies and returns in various ways. That could be anything from such types hoping to get device owner’s naked selfies, to get device owner’s frequent flyer and other account info from their device-stored emails/notes, to get the calendar and travel history/plans of the device owner and thereby plot a home burglary when the device owner is known to most likely be gone, or who knows what else.
So if you're on an Amtrak train from DC to New York or an airplane from San Diego to Phoenix, at what point in your journey would the data be retrieved from the hacked port? How would they identify where you live? If they want to rob your house, what if you just happen to be a business traveler and have family at home manning the fort? Maybe a maintenance person could try this, but the by the time he or she got the data, it might have been days or weeks since you last used that port.

Stealing personal information in this way would be far too time-intensive and costly to be worth anyone's time. Anyone with the skills to pull this off is too smart to rob your house and can more easily hack your data online.
danielflyer is offline  

Thread Tools
Search this Thread

Contact Us - Manage Preferences - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.