Why You Should Think Twice Before Charging Your Phone at Airport Kiosks

The concern is that hackers can install malware or monitoring software onto your device through a compromised USB port, potentially siphoning off files, passwords, or even locking your phone until you pay a ransom.

Rudy Blalock

Published: 7/2/2025, 2:58:22 PM EDT

Why You Should Think Twice Before Charging Your Phone at Airport Kiosks — Free charging plug outlet at an airport terminal in a file photo. (Shutterstock)

As travelers navigate airports, the temptation to plug a dying phone into a free charging kiosk is hard to resist. However, cybersecurity experts and federal agencies are urging caution, warning that these public USB ports could expose your device to a cyber threat known as “juice jacking.”

Juice jacking is a term that combines “juice,” slang for battery power, with “jacking,” as in hijacking.

“Hackers can install malware at USB ports (we’ve been told that’s called ‘juice/port jacking’),” the Transportation Security Administration (TSA) said in a post on Facebook.

The Federal Communications Commission (FCC) explains that malware installed this way can “lock a device or export personal data and passwords directly to the perpetrator,” who may then access your accounts or sell your information.

How Real Is the Threat?

Despite warnings, both the FBI and Federal Communications Commission (FCC) acknowledge a lack of documented cases.

The FCC notes, “Although ‘juice jacking’ has been demonstrated to be technically possible as a proof of concept, the FCC is not aware of any confirmed instances of it occurring.”

Real-world incidents have shown that USB-based attacks are part of broader cyber-espionage campaigns. In early 2023, cybersecurity researchers investigated a malware outbreak at a European healthcare institution that was traced back to a compromised USB drive. The attack was linked to a Chinese espionage group known as Camaro Dragon, also referred to as Mustang Panda or LuminousMoth by different security teams.

The malware, called WispRider, was designed to spread itself via USB drives and included advanced features to evade antivirus detection and use legitimate software components to mask its activity. This incident affected organizations in countries such as Myanmar, South Korea, Great Britain, India, and Russia, well beyond its intended target, according to Check Point Research.

Separately, U.S. authorities recently exposed a network of Chinese hackers-for-hire, including employees of the company i-Soon, who carried out widespread cyber attacks at the direction of Chinese regime agencies.

The Department of Justice revealed in March that these hackers targeted a range of victims, from U.S. government agencies and religious organizations to foreign ministries and news outlets, using sophisticated techniques to steal sensitive data. The hackers operated both on behalf of the Chinese regime and for profit, selling stolen information to various state agencies and other buyers.

Why the Warnings?

The risk, while not widespread, is technologically possible. Demonstrations at hacker conferences have shown that malicious charging kiosks can compromise devices, and researchers have confirmed vulnerabilities in both iPhones and Android phones in controlled settings, according to information from AARP.

The main danger comes if a device’s software is out of date or if a user inadvertently grants data access when prompted after plugging in.

How to Stay Safe

Federal agencies and cybersecurity experts recommend several precautions:

Avoid public USB ports. “Avoid using free charging stations in airports, hotels or shopping centers,” the FBI Denver office said in a post on X, warning that “bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.”
Bring your own charger and cable. Plug directly into an electrical outlet, not a USB port, using your own equipment.
Carry a portable battery pack. The TSA and FCC both suggest bringing a TSA-compliant power brick or external battery.
Use charging-only cables or USB data blockers. These devices prevent data transfer while charging, reducing the risk of malware, according to the FCC.
Keep your device software updated. Experts say that up-to-date software is the best defense, as most attacks exploit vulnerabilities that patches can fix.
Be wary of public Wi-Fi. The TSA and FCC also warn against using free public Wi-Fi for sensitive transactions, as these networks can be targeted by cybercriminals.

While the likelihood of falling victim to juice jacking appears low, experts agree that taking simple precautions can help travelers avoid unnecessary risks.

As the TSA put it: “Cybersecurity has never been more important.”