Watch out! Charging stations could be stealing your data

  • 2 min read
Hearing your phone chirp desperately in order to alert you that it's running out of battery power is heartbreaking when you're stuck in an airport, hotel, or shopping center with no power outlets in sight. But wait! There's a free charging station right around the corner. There's no harm in using that to refresh your battery, right?


As the folks at Krebs on Security report, those innocent-seeming charging stations could easily turn from saviors to devious data thieves. Those charging stations could easily be configured to copy data from your smartphone — or to even install malware on the device.

To prove this point, Brian Markus, president of Aires Security, and security researchers Joseph Mlodzianowski and Robert Rowley set up a little social experiment at DEF CON, a massive hacker conference held each year in Las Vegas:

"We’d been talking about how dangerous these charging stations could be. Most smartphones are configured to just connect and dump off data,” Markus said. “Anyone who had an inclination to could put a system inside of one of these kiosks that when someone connects their phone can suck down all of the photos and data, or write malware to the device.”

To make their charging station more attractive to passersby, Markus and his pals equipped it with a variety of charging cables to fit the most popular wireless devices. When no device was connected, the LCD screen fitted into the charging station displayed a blue image with the words "Free Cell Phone Charging Kiosk." The screen switched to a red warning sign when users plugged in any devices. The warning message read:

"You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!”

At least 360 people used this charging station.

To put that into perspective: Over 10,000 individuals attended DEF CON in 2010. It wouldn't be unreasonable to assume that the 2011 event saw a similar number of attendees — meaning that nearly four percent of the notoriously security conscious individuals attending the conference could've had their mobile devices' security compromised.

That's scary, but it's not a reason to panic. After all, there are steps you can take to protect your own devices and data:

Bring a regular charger cable when you travel and use that to plug into plain old electrical outlets instead of trusting cables dangling from charging stations. Invest in some spare battery packs to recharge your devices on the go.
If you absolutely have no choice other than to rely on a charging station, then at least power down your mobile device entirely before plugging it in. This may keep you protected.