It seems that the TSA isn’t going to take a quiet week off. When they’re not announcing updates to identification documents to the RealID standard, they’re opening security checkpoints just for families with small children.
Not only they have spent the summer explaining what you can and can’t carry in your carry-on luggage, but now they’ve decided to do a mental review of all the ways hackers can access the digital information of travelers who are too distracted to realize they’re easy prey.
And no, we’re not talking about the kind of traveler who leaves their suitcase unattended and goes to the bathroom for a moment. Something as silly as charging your cell phone in a USB port—instead of with a full plug-in charger—can leave you completely exposed. One slip-up, one thoughtless charge, and you’ve given hackers access to your most vital device, where they can install malware.
TSA: the overbearing agency that only wants your security
Although they may seem harmless, USB charging stations at airports can be a breeding ground for spyware. It doesn’t matter if the charging station looks legitimate (many are set up by the airport itself or a company that wants to advertise), all it takes is one person posing as a traveler or employee to disrupt the system and sneak in software that captures all your data and passwords.
This concept is called “juice jacking”: a USB port that secretly transfers all the data it collects, or installs malware (created for the same purpose) without you realizing it. This isn’t some eccentric TSA paranoia; both the FBI and the FCC have also classified it as a hacking practice.
Although it may seem like the end of the world, it’s easy to avoid falling into this trap. Carrying a home plug charger with you ensures that you will only connect it to the mains. If you know you’re going to have a long layover at the airport, you may want to invest in a PowerBank so you can charge your phone independently and don’t have to search for outlets throughout the terminal. (If you carry an external battery with you, remember to show it at the TSA checkpoint along with your other electronic devices and carry it with you in the cabin.)
Your iPhone might be at risk
Just as we often leave home and leave our WiFi access open (which is not recommended, for the same reasons we give here), your iPhone comes preconfigured to accept any connectable accessory when it is unlocked. That’s great when you’re at home, but not when you’re at an airport terminal with thousands of people passing through.
To prevent malware from being installed, Apple gives you the option to change the settings to something much stricter. To do this, go to Settings → Privacy & Security → Wired Accessories. In the data access section, choose “Always Ask” or “Ask for New Accessories.” This way, your phone will ask for your permission before exchanging information. If a pop-up appears on your phone asking if you want to exchange information while charging your phone with a cable that is not yours, you know what to do. Deny the operation and find an airport employee to report the incident.
How to keep your phone —and data— safe
Okay, we know you shouldn’t charge your phone with a charger that isn’t yours. But did you know that leaving WiFi on your phone also makes you more vulnerable? That’s right. When you leave home, you should activate your data and turn off the WiFi option. That way, your smartphone will stay on its mobile network and won’t try to connect to every open WiFi network it encounters.
Not only will you save battery life, but these open WiFi networks—which unfortunately tend to be breeding grounds for viruses—won’t be able to steal data from your mobile device. The TSA has already told us: be good, bring a mobile charger from home, and don’t charge with strangers.