
Each year—especially in the lead-up to major holidays—the topic of “juice jacking,” the surreptitious theft of data via public charging stations, reemerges in headlines. While actual recorded incidents remain relatively scarce compared to the volume of warnings, official advisories continue to surface. This time, it is the United States Transportation Security Administration (TSA) that has issued a renewed caution to travelers regarding the potential risks.
The essence of juice jacking lies in its deceptive simplicity: a seemingly innocuous USB port at an airport or hotel may conceal a device capable of establishing a connection with your phone and covertly extracting data. This threat is distinct from so-called “malicious cables,” which have malware pre-embedded within the cable itself.
TSA advises against connecting your phone directly to public USB ports. Instead, travelers are urged to use personal power banks or TSA-certified adapters. According to the agency, “Hackers can install malware in public USB ports—this is what’s known as juice jacking.”
In the same advisory, TSA also warns against connecting to free public Wi-Fi, particularly when shopping online or entering sensitive information. Experts may debate the true scale of this threat, and websites that use HTTPS do encrypt transmitted data. However, HTTPS alone does not imply complete immunity.
Austrian researchers have demonstrated that in certain cases, charging devices can not only establish connections but also simulate user actions to initiate data transfers. These techniques primarily affect Android devices, though iOS users are not exempt and should remain vigilant—especially when traveling in regions with elevated cyber risk.
One piece of advice: avoid unlocking your device while it is connected to unfamiliar hardware. Fortunately, recent versions of Android and iOS have enhanced defenses against data extraction over USB. For instance, both platforms now feature updates that automatically reboot devices that have remained locked for more than three days—thus reducing the risk of compromise via cable.
A vulnerability known as ChoiceJacking—exploiting on-screen option selection—has been patched in iOS/iPadOS 18.4 and Android 15. However, in the Android ecosystem, an operating system update alone does not guarantee security. Users are strongly advised to connect only to trusted computers and to ensure the system requests authentication via password or biometrics. If it does not, public charging ports should be avoided altogether.