Despite the TSA’s Warning, Airport Chargers Probably Aren’t Dangerous

Have you been told you not to load your phone at the airport? Many of us have major government agencies like the FBI, no less. The conversation is back in the news, in a confused way, from a March article on the official Facebook page of the TSA. Like the FBI, the TSA warns us to avoid both USB ports and WiFi networks in public places, such as airports – and that does not seem that many things have changed their point of view in the four months they have posted.

The message itself, in my humble opinion, is weird. It reads less as a PSA from an official security agency, and more as a publication of social media lined by a summer trainee. The biggest red flag for me is this sentence, which reads I would like to think that an agency like the TSA does not need to say to what extent a supposed security threat is called.

But ignoring the lack of authority in the style of the post, the warnings themselves are a little strange. From where I am sitting, there are few legitimate reasons to arouse panic on these two security problems. Let’s each look individually:

Are public USB ports sure?

The concern here is that bad players can infect these ports accessible to the public with malware, so when you plug, malware sets up on your device. This is called juice or porting.

It is not that juice seems impossible: malware can be delivered in several ways. This is no longer the fact that there was no known case of what is happening in nature – with regard to an educational example in Defcon 2011. Could FBI and TSA be aware of the attacks that the public is not? Of course. But I am not sure that the USB ports of the airport are massive but silent malicious software spreaders. This would force the bad players to buy plane tickets, to enter the secure area of each airport and take the time to infect each port. Again, possible, but, in my opinion, unlikely. Why do this when it is much easier to encourage users to install malware from fraudulent websites?

Bad players should also cope with USB cables that only charge, without support for data transfer. Maybe your cable allows data transfer, but maybe someone else does not. Even if yours, many modern smartphones force you to grant permission to access the USB device before you can launch a data transfer. Without this authorization, the connection will only charge your device. If it is true that the researchers have found ways to get around these defenses, there are too many variables for it to be an effective malware installation method, and if I was a hacker, I don’t think the juice was worth it.

That said, there may be USB ports manipulated in airports, and the cases of Jacking of FBI and TSA are aware, but do not disclose the public. You have some options if you need to charge at the airport safely.

The first is to use a “” USB “” USB condoms essentially transform any cable into a charging cable only, blocking all data transfer capacities. If you have a USB cable which otherwise would happily install malware on your device, a USB condom will block this activity, so that you can load in complete safety and safe. To load your devices safely at the airport: simply use wall outlets.

Is public wifi sure?

The second warning advises travelers not to use free public wifi, especially for online purchases or enter sensitive information. It is good advice, for 2015. At the time, most websites were not encrypted, which meant that your Internet traffic was exposed to anyone who knew how to access it. This is one thing if you checked the titles of the New York Times, or if you watched a YouTube video: the hackers could see this traffic, but there was not much to do with that except raping your privacy. But if you have entered sensitive information on the sites, such as passwords or sites accessible with private data, such as your bank’s website, you have a security situation. This is why the (good) old advice was to avoid using public wifi, especially for these types of activities.

Since 2018, however, the vast majority of websites you visit are encrypted. It means even if you use public wifi without Crying, real web traffic is protected. Pirates will not be able to see the information you enter on these sites, as long as it is actually encrypted.

So, if you use public wifi – in particular public wifi without a certain type of password protection – just remedy the website itself encrypted before connecting.

Now you will always want to make sure that the website you visit is not only encrypted, but legitimate. Phishing sites can also use HTTPS, so make sure you really visit your bank’s website before connecting your information. This advice, of course, applies if you use public wifi or your WiFi at home anyway. You can also protect your web browsing even more with a VPN, which reduces your traffic to make it much more difficult to follow you. You could connect via Denver airport, but your traffic might seem to come from Japan, Panama or Iceland.