You’ve Been Misled: TSA’s Airport USB ‘Juice Jacking’ Warning Is Just Media Hype

There are stories everywhere about a new major warning from the TSA about travelers getting their devices hacked by using USB charging at airports. Except the TSA did not just issue this warning, and there’s no evidence there’s actually a problem.

Scare stories are widespread now warning travelers not to use public USB charging stations at airports, suggesting that these charging ports could be a vector for hackers to steal your data or install malware on your phone, a practice dubbed “juice jacking.”

This is sort of possible, but mostly an urban legend. A compromised USB port could be used to transfer malicious software to your device or to steal data directly. While it’s theoretically possible, confirmed cases don’t appear to be well-documented.

  • Generally when you plug into a USB device that wants to access your data, you’ll be asked if you want to allow this.
  • Sure, people can be tricked into agreeing or might just mindlessly agree.

If you work with sensitive data, that might be targeted by state actors or corporate espionage, your hygiene practices need to be next-level. For the average traveler this is probably low on my list.

Mostly it’s just media hype, since these ‘major warnings’ from the TSA (1) aren’t new, and (2) aren’t a ‘major warning’. Instead they are recycling of a TSA Facebook post with a standard travel tip from March.

Nonetheless, Enilria points to a precaution you can take in the form of an inexpensive device that allows charging but blocks data transfer through USB connections.

About Gary Leff

Gary Leff is one of the foremost experts in the field of miles, points, and frequent business travel - a topic he has covered since 2002. Co-founder of frequent flyer community InsideFlyer.com, emcee of the Freddie Awards, and named one of the "World's Top Travel Experts" by Conde' Nast Traveler (2010-Present) Gary has been a guest on most major news media, profiled in several top print publications, and published broadly on the topic of consumer loyalty. More About Gary »

More articles by Gary Leff »

Comments

  1. A simple way to block data transfer would be to charge a power bank and later use the charged power bank to charge the phone. I almost always have a power bank with me when traveling.

  2. Take it from someone with 40 years of IT experience Gary it isn’t hype. I ordered a blocker that fits over the end of the USB plug and make everyone in my family use it. Doesn’t impact charging but does provide some protection. To just blow this off as hype is frankly misleading and could be dangerous

  3. @AC — Since you’re ‘in’ IT, would that ‘blocker’ be considered a ‘dongle’? It’s a fun word.

  4. Just plug in the normal 120 vac 5W power block. Presto. No hijacking possible.

    Never heard of this really happening in real life but using 120 ac power means it’s not even possible.

  5. @1990 – Retired now but over course of my career I did everything from programmer (where I started after a degree in computer science) to CTO and CIO of multiple national companies plus had my own IT consulting company for a while. I was responsible ultimately for data protection and security at the national companies where I led the IT organization so had to report on that to our board of directors periodically. I was also heavily involved in implementing the IT security controls for regulations like HIPAA, Sarbanes/Oxley, etc so, yeah, I have a LITTLE bit of knowledge.

    The device I ordered is called the PortaPow 3rd Gen USB Data Blocker. They are specifically designed to block juice jacking without otherwise impacting your ability to charge. I ordered them on Amazon and a 2 pack is less than $10. It is like anything else, the odds you get hit are likely very small but IMHO it makes sense to add reasonable protection to minimize the risk.

  6. @AC — Wow! Well done. That’s much more than a ‘little.’

    Alright, I’m sold. It’s fairly priced, after all. As I was looking, some refer to these data blockers as ‘USB condoms.’ So, folks, be sure to ‘wear protection’ when charging…

    Relatedly, I’ve noticed on some newer Airbus, like the a321neo (with KLM at least), they just have USB-C (no USB-A, or AC outlets, etc.) So, I may get a USB-C data protector, too.

  7. The power bank is heavy. These are light.

    About to attend an accounting conference in Las Vegas (where I’ve had credit card fraud issues before.)

    Bought the 4-pack of devices for protection and peace of mind.

  8. @1990 – on the USB C issue I had to go the other way. All our phones are IPhone 16 pros so had to get a converter to fit on end of USB-C cable so it will fit into “normal” USB public charge outlets (along w charging condom of course). On other hand my daughter just spent a couple of weeks in Europe and I noticed she left the converter I gave her. I asked how she charged her phone (also had a block so could have used that with a plug to fit EU outlets) and she said all the chargers she found were USB-C so you likely will need that converter especially if you travel internationally. After all the reason Apple went with USB-C (as of IPhone 15s as I recall) was due to worldwide standards.

  9. @AC — Yup, the EU supposedly is attempting to reduce ‘e-waste’ and ‘simplify’ charging for consumers, starting December 28, 2024, all new portable electronic devices must have USB-C (laptops delayed until 2026.) It’s a good idea, though, I’m sure some companies will miss out on profiting off ‘new’ cables for each device…And, like vehicle emissions standards being set by California, perhaps, this will impact more than just Europe. I tend to like the idea.

  10. I was pretty sure my Pixel, which asks me every time I want to access data on my phone, would do the same request about whether I wanted to access data even with bad actors. I use a charging block at airports. I have it with me anyway, and it’s faster than a provided USB port. There is danger, but it’s like driving a car. You plan things so you never run out of gas. Smart people don’t run out of gas, I assume smart people don’t run out of charge. But, to be fair, I don’t use my phone as much as most. (OK, I’m probably in the bottom 10% of phone resource users.)

  11. USB-c was forced upon Apple by the EU. They fought the change as long as they could. Doing so caused a lot of Lightning cables to get scrapped, probably along with their associated chargers. Just government picking winners and losers. USB-c is great for charging and data transfer as is the smaller Lightning connector.

  12. @Gary – Agree with @AC, having 30+ years in IT and Cybersecurity myself, juice jacking is not hype but it is old news not something recently discovered. Personally, as recommended by @AC and others, I even use a USB blocker for years with a charger since you don’t know if those chargers or the cables have been compromised at the factory (look where most are manufactured). Even with USB-C, I use the old USB-A blocker with the USB-C adapter since you can see the 4 pins on the USB-A jack and know the 2 inner data pins were removed and only the 2 outer power pins remain.

    Anyone who doesn’t believe this should walk through the vendor area at the DEF CON (R) hacking conference (30K+ attendees) in August in Las Vegas. And you see all sorts of compromised cables, chargers, and way more in action plus great people watching.

    As for WiFi, I always use my mobile as a hotspot and avoid public WiFi. It’s not as a big of a deal as years ago since more programs do end-to-end encryption of passwords, etc. But you’re still exposing your device to everyone else including hackers. If on public WiFi if not other option, at minimum make sure your system is up to date on security patches and use a VPN. Could write a very long article on these but TMI for here.

  13. My distrust of “public” charging ports has less to do with security and more to do with general concerns about improper Power Delivery negotiation, port overvoltage, overcurrent, etc.

    Safer to Bring Your Own Charger that you know won’t fry your phone/laptop.

Leave a Reply

Your email address will not be published. Required fields are marked *