Security Advisory: Avoid Public USB Charging Stations While Traveling

Travel season is a busy time for cyber threats, and one of the easiest risks to overlook is public USB charging. 

Attackers have increasingly targeted travelers by tampering with USB charging ports and leaving behind modified charging cables. While the risk is still considered low, the impact of a compromised device can be high, and this is an easy threat to avoid. 

Why This Matters 

USB ports transmit power and data. A malicious charging station or modified cable can attempt to: 

• Initiate a data connection 

• Install malware 

• Harvest credentials or stored information 

This tactic is commonly referred to as juice jacking. 

TSA and multiple federal agencies have warned travelers to avoid public USB charging stations, especially in airports, hotels, conference centers, and cafes. 

How to Charge Safely 

Stick to these simple best practices when you’re on the move: 

• Use your own wall charger and cable 

• Carry a portable power bank 

• Consider a USB data blocker or “charge-only” cable 

• If your device prompts you to “Trust” or “Allow data access”, select “No” 

These steps eliminate the risk of an unauthorized data handshake. 

If You Think You Plugged into Something Suspicious 

Take action quickly: 

• Stop using the cable or port and disconnect 

• From a known-safe device, change passwords for key accounts (email first, then financial, then work applications) 

• Confirm multi-factor authentication (MFA) is enabled everywhere 

• Monitor for unusual activity, including: 

• Unexpected MFA prompts 

• New Bluetooth or pairing requests 

• Login alerts you don’t recognize 

• Strange pop-ups or device behavior 

If anything appears abnormal, contact your IT or security team immediately. 

The threat is real but easy to avoid. Public USB charging is convenient, but it’s not worth the risk of exposing your device or your organization. 

Stay safe and stay vigilant, especially during travel. 
 
— ISI Cyber Security Team