Skip to main content

NEW YORK (MainStreet) -- People who plug their phones into random charging stations may be in for an unpleasant surprise.

Every time they connect to charging kiosks that use USB cables, they run the risk of having the data on their phones lifted by the person or company who runs the kiosk, according to a post by Brian Krebs, a cybercrime expert, on his blog

Krebs on Security


As Krebs points out, three security researchers recently built a charging kiosk specially designed to download the photos and contacts stored on smartphones that connected to it, to educate consumers about the risk. This hack has been labeled juice-jacking for being the digital equivalent of getting carjacked.

When you plug your smartphone into a charging kiosk, your photos, contacts and data may be susceptible to theft.

To understand how this works, think about the way you normally charge your smartphone at home. You can either plug the phone into a wall outlet using a power cord or to a computer with a USB cord, which not only charges the phone but lets you transfer data to and from the computer.

Smartphone owners don't realize that charging their smartphone with a USB cable elsewhere leaves the phone open to the same kind of data connection they make at home, except with devices that do not belong to them, Krebs says. If the wrong person or company runs it, your data could be in jeopardy.

"Granted, a charging kiosk at an airport may be less suspect than, say, a slightly sketchy-looking tower of power stationed at DefCon," Krebs wrote, noting the event where the researchers tried out their modified kiosk. "But some people will brave nearly any risk to power up their mobiles."

Scroll to Continue

TheStreet Recommends

As a general rule, Krebs recommends using only a power cord to charge your phone when outside your home or office, since these cords do not transmit data from the phone. If you have only a USB cable on you, Krebs suggests turning off the phone before you charge it, as the researchers found data is not susceptible this way.

Other security experts

suggest also tweaking your settings to require a password to transmit data.

>To submit a news tip, email:


Follow on


and become a fan on