BlogLine

“Juice jacking”: A hidden cyber threat in public charging stations

9/23/25

By: Jason G. Weiss

In today’s hyperconnected world, our mobile devices are lifelines for both personal and professional communication. When batteries run low, travelers often rely on the convenience of public-charging stations in airports, hotels, coffee shops and other high-traffic areas. Yet, hidden in this convenience lies a cyber risk many people overlook: “juice jacking” (aka USB jacking).

What Is Juice Jacking?

Juice jacking is a cyberattack that leverages the dual functionality of USB ports. While USB cables deliver power to recharge a device, they also transmit data. Cybercriminals exploit this dual purpose by tampering with public charging stations or cables to install malware onto a device or surreptitiously extract sensitive data.

Once malware is installed, attackers can gain unauthorized access to emails, credentials and/or financial information; they can even deploy ransomware. What begins as a quick battery top-off can turn into a serious cybersecurity incident.  TSA has recently warned airport travelers about “juice jacking” attacks and ways to avoid them.

For individuals, juice jacking can mean identity theft, stolen data and compromised accounts. For businesses, the stakes are even higher. If an employee unknowingly connects a work device to a compromised charging station, attackers may gain a potential foothold into corporate systems. This can trigger data incidents, regulatory investigations and significant reputational harm.

Legal implications could also include:

• Data Breach Liability – Organizations could face litigation, regulatory scrutiny or class action lawsuits if sensitive customer or employee data is exposed.
• Compliance Concerns – Data privacy laws such as the GDPR, CCPA and HIPAA impose strict security requirements. A breach traced to negligent mobile device practices could create compliance liability.
• Incident Response Costs – Beyond fines and penalties, businesses may incur substantial costs for forensic investigations, breach notifications and remediation efforts.

Practical Steps to Mitigate Risk

There are some practical and easy ways to avoid juice jacking cyberattacks. These tips are especially relevant when USB charging points are located in public areas, such as gyms, hotels, airports and restaurants. Specifically, Asurion.com recommends:

• Use power outlets to charge your devices – not just a stand-alone USB cable plugged into a USB power port; data cannot be transferred using the power outlet option
• Only use USB cables that came with the device or were bought from a trusted vendor
• Ensure any charging cables you use are “charging” only and do not transfer data
• Invest in and use a USB Data Blocker device that keeps data from being transmitted through the USB cable
• Carry a personal charger. Using wall outlets and personal charging adapters eliminates reliance on public USB ports.

Conclusion

Juice jacking underscores how everyday conveniences can introduce unexpected cybersecurity risks. Both individuals and organizations must recognize that cybersecurity extends far beyond corporate networks, including the very devices people carry in their pockets. By adopting preventative practices and reinforcing training, businesses can mitigate the risks of this evolving threat and reduce their legal exposure.

For more information, please contact Jason G. Weiss at jason.weiss@fmglaw.com or your local FMG attorney.

Information conveyed herein should not be construed as legal advice or represent any specific or binding policy or procedure of any organization. Information provided is for educational purposes only. These materials are written in a general format and not intended to be advice applicable to any specific circumstance. Legal opinions may vary when based on subtle factual distinctions. All rights reserved. No part of this presentation may be reproduced, published or posted without the written permission of Freeman Mathis & Gary, LLP.