# Avoid Public USB Charging Stations Due to Serious Hackability Risks

For several years, smartphones have come equipped with a built-in feature designed to protect against unauthorized access via USB. In both iOS and Android, users are greeted with a pop-up asking for confirmation before establishing a data connection. However, this safeguard against "juice jacking" – a hacking method where charging stations are manipulated to inject malicious code, steal information, or grant device access when plugged in – has recently been found to be more vulnerable than initially thought.

A recent discovery by cybersecurity researchers has revealed a serious loophole in the system that can be easily exploited. The new "choice jacking" method allows attackers to bypass the protection mechanism on devices without the user's knowledge or consent.

Here's how it works: First, an attacker installs a feature on a charging station that makes it appear as a USB keyboard when connected. This enables them to execute a "USB PD Data Role Swap," which establishes a Bluetooth connection and triggers a file transfer consent pop-up. The malicious device then acts as the keyboard and obtains the user's consent for data transfer, effectively bypassing the security mechanism designed to prevent unauthorized access.

This serious vulnerability poses a significant risk to smartphone users worldwide. Hackers could potentially gain access to all files and personal data stored on smartphones in order to take over accounts or steal sensitive information. Researchers at Graz University of Technology tested this method on devices from various manufacturers, including Samsung, which is the leading smartphone brand alongside Apple.

To test the vulnerability, they plugged these charging stations into devices with unlocked screens and found that data transfer was possible as long as the screen was unlocked. However, no real solution is currently available for most devices to prevent choice jacking attacks. Smartphone manufacturers are aware of the issue but have not implemented sufficient protection against such attacks yet.

Only Apple and Google have developed a solution, which requires users to first enter their PIN or password before adding a device as a trusted source and initiating data transfer. Unfortunately, other major smartphone brands have not implemented adequate security measures to protect against these types of attacks.

If your device has USB debugging enabled, it's especially at risk because this feature allows attackers to gain access to the system via the Android Debug Bridge, install their own applications, execute files, and enjoy higher levels of system access. The simplest way to safeguard yourself from choice jacking attacks via public charging stations is to avoid using them altogether or choose a personal power bank when traveling.

Additionally, make sure your smartphone is always up-to-date with the latest security updates to reduce the risk of falling victim to this type of attack. By taking these precautions and being aware of the risks associated with public USB charging stations, you can significantly minimize your chances of being targeted by hackers.

**Protect Yourself from Choice Jacking Attacks**

- Avoid using public charging stations or those that are not yours. - Use a personal power bank when traveling. - Keep your smartphone up-to-date with the latest security updates. - Disable USB debugging if it's enabled on your device.

By being informed and taking these steps, you can significantly reduce your exposure to choice jacking attacks via public charging stations. Stay vigilant, stay safe!