Use your own charging equipment or a portable battery pack
A security company recently performed an experiment to find out how seriously people take their smartphone security when charging in public, and the results were alarming.
Authentic8 carried out the social experiment at the 2017 RSA Conference in San Francisco. The company offered attendees a free charging station, complete with cords and adapters. Eighty percent of the people who took them up on their offer used the station without asking about security.
According to Authentic8's head of marketing, Drew Paik, the problem is with USB cables, power adapters, and ports, not with wall outlets.
"I'm not aware of anything that's going to be able to infect you via an AC outlet, but random cables or random adapters can definitely be used to take over or exploit your phone, your mobile devices, or your laptops, or anything else you might plug into it," Paik said. "It's really just a two-way conduit at some point—power and data."
USBs are designed to transfer data as well as charge devices, so they are perfect for stealing data. A Kaspersky Lab spokesperson described the moment when a device connects to a USB port as a "handshake" during which data is automatically transmitted.
"Even when a mobile phone is in 'charging only' (locked) mode, it can still transmit the device name, vendor name and serial number to the system behind the USB port, and more based on the platform and operating system of the phone," the spokesperson noted.
The best thing you can do to protect yourself is to use your own USB equipment and plug them directly into an outlet in the wall. If you can't find one, use your own portable battery pack. And don't use random USB ports.
"A USB port can be a system that gathers data about the devices that are connected to it, a flawed power source, a powerful capacitor, or a computer that installs a backdoor on your device," the Kaspersky spokesperson said. "You simply cannot know before you plug in your device—so don't."
The spokesperson also recommended leaving the device alone while it's charging rather than unlocking and using it; using proper encryption whenever possible; and using secure containers.