Juice Jacking Scams at Public Charging Points
How tampered public USB charging stations can install malware or extract data from connected devices while appearing to simply charge them.
Part of: Juice Jacking Scams
Last reviewed: 8 June 2026
Juice jacking is an attack that exploits the dual-purpose nature of USB connections — a single cable can simultaneously carry power and data. When you plug a device into a tampered public USB charging port, the attacker's hardware can potentially initiate a data transfer, install malware, or create a backdoor connection while your screen shows nothing unusual.
Public charging points in airports, hotels, cafes, and transport hubs are targets because the demand for phone charging is high and users rarely question the safety of a power socket. While the practical risk varies by device and operating system, the principle — that a USB port you do not control can transfer data as well as electricity — is real and documented.
How this scam works on public wifi
A charging kiosk in an airport lounge, hotel lobby, or shopping centre has had its USB ports replaced or compromised with hardware capable of data exchange. When you connect your phone or tablet to charge, the port attempts to initiate a device-pairing or data-access handshake. On modern devices, a prompt may appear asking to 'trust this computer' — a prompt many users accept without thinking.
If access is granted or the device is vulnerable, attackers can access files, contacts, and cached credentials, or install a persistent application that exfiltrates data over time. The charging continues normally, so the victim is unaware.
Common red flags
- A public USB port presents a 'trust this device' or 'allow data access' prompt on your phone
- Phone behaves unusually after using a public charging point: unexpected data usage, battery drain, or unfamiliar apps
- Charging port is a cable permanently attached to a public fixture rather than a standard power-only socket
- Device pairs to an unknown device in your Bluetooth or USB settings after charging
How to protect yourself
- Use only AC power sockets (wall plugs) with your own charger and cable in public
- Carry a portable battery bank to avoid relying on public USB charging entirely
- If you must use a USB port, use a data-blocking adapter (USB condom) that passes power but blocks data
- When prompted to 'trust' a charging connection, always decline
- Keep your device's operating system updated — patches reduce vulnerability to device-pairing exploits
How to report it
- Report suspected tampered charging points to the venue and local law enforcement
- Report cybercrime to your national cybercrime authority (IC3 in the US, NCSC in the UK)
- If you believe your device was compromised, perform a factory reset and change passwords on a clean device
Frequently asked questions
Is juice jacking a common threat?
Confirmed real-world cases are relatively rare compared to phishing, but the principle is well demonstrated in research settings. The US FBI and CISA have issued public advisories recommending avoiding public USB charging ports. The low cost of prevention (a data blocker or personal charger) makes it worth adopting regardless.