The FBI is warning people to not use public phone charging stations as hackers have been taking advantage of the situation to infect connected devices with malware.

“Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead.”

Hackers use dirty USBs at public charging stations to infect devices with malware, it’s known as “juice jacking.” Many malls, airports, hospitals, restaurants and other public convenience stations have charging stations that are used regularly by customers. The agency has recommended that consumers carry their own USB cables and charging plugs and use AC electrical outlets.

What Is “Juice Jacking”

The Federal Communications Commission (FCC) has also alerted consumers to the dangers of public USB charging stations.

Charging devices in public places could have “unfortunate consequences,” the FCC stated in an advisory.

“Cybersecurity experts have warned that criminals can load malware onto public USB charging stations to maliciously access electronic devices while they are being charged. Malware installed through a dirty USB port can lock a device or export personal data and passwords directly to the perpetrator. Criminals can use that information to access online accounts or sell it to other bad actors,” the FCC stated.

“In some cases, criminals have left cables plugged in at the stations. Fraudsters may even give you infected cables as a promotional gift.”

For a majority of devices, including Android and Apple, the power supply and data transfer pass through the same cable. When the mobile device connects to the charging cable, it pairs with the device and establishes a trusted relationship, which applies to data transfer. During the charging process, hackers open a pathway into the device, using the USB connection, which they subsequently exploit.

With the proliferation of recent hacking attempts, the FBI and FCC advisory has only become more important.

How Hackers Benefit

Many people assume that charging for a few seconds won’t be a cause for concern. However, “crawling programs” can breach devices, search for essential information—such as personal and financial data, credit card information, and bank details—and copy them to the hacker’s system within seconds.

Other types of malicious software can clone the entire device. Cybercriminals use this data or sell it on the dark web for profit. The data can also be used by other bad actors for social engineering campaigns and other purposes.

Hackers can do this all at once or gradually over time. The device’s original user might not even realize that their phone or laptop is infected. After the malware is installed, the hacker can track the GPS, observe financial transactions, gather gallery data such as photos and videos, maintain call logs, and monitor social media interactions.

Hackers will have everything to impersonate the individual.

Once the malware is installed, hackers can control the devices and install ransomware. In this scenario, the user needs to pay money in order to regain access to their device, and hackers can use one device to gain access to other connected devices.

Some of the telltale signs that indicate that a device is infected with malware are if the device consumes more battery life than usual, operates at a slower speed, takes much longer to load, and crashes frequently from abnormal data usage.