In a world where laptop batteries, text messages and even old-school newspapers can hack into your life, the question seems not to be what's stealing your personal data, but rather what isn't. So it may not come as a shock to learn that those innocuous and oh-so convenient charging stations may be infiltrating your smartphone by "juice-jacking."
At this year's DefCon, the folks at Aires Security built a free smartphone charging station -- but with a twist. Krebs on Security reported that when an unsuspecting person plugged in, they were immediately warned that these kiosks are more than capable of downloading their smartphone's data without their knowledge or consent.
Many smartphones are configured to transfer data or sync whenever they're plugged directly into USB ports, which is what cellphone power stations are equipped with. So a crafty hacker could make a simple tweak to the charging station and program it to automatically download all of your cellphone's data or upload malware.
"Anyone who had an inclination to could put a system inside of one of these kiosks that when someone connects their phone can suck down all of the photos and data, or write malware to the device," Brian Markus, president of Aires Security, told Krebs on Security.
Before you get too paranoid and start smashing the airport charging station with a crowbar, keep in mind that juice-jacking is, at the moment, mostly theoretical; an open but rarely used (or under-reported) window into your smartphone's data repositories.
But better safe than sorry: one DefCon attendee plugged into Aires' kiosk, confident the USB transfer option on his smartphone was turned off, but once he plugged in, it immediately went to USB transfer mode.
Instead of relying on charging stations while traveling, carry with you a plug adapter, practice smartphone battery-saving tips, use battery- or solar-powered mobile charging devices, or -- if absolutely necessary to use a third-party charger -- turn your smartphone completely off before plugging it into a kiosk.