Juice jacking: The airport cyber risk business travelers miss

Juice jacking is a cybersecurity threat where malicious USB charging ports can steal data or install malware on a device while it charges—posing a hidden risk to business travelers. Agencies like the TSA, FCC, and FBI have issued warnings, citing the difficulty in detecting compromised ports and the high stakes of corporate data breaches. Learn how travelers can reduce risk with simple precautions.

June 12, 2025

Juice jacking: The airport cyber risk business travelers miss

When your phone is dying and your flight is delayed, the nearest USB charging station feels like a lifeline. But this everyday convenience carries hidden dangers.

Juice jacking, a cyberattack that leverages public USB ports to steal data or install malware, has grown concerning enough that the TSA and FCC have issued warnings. Business travelers, often carrying sensitive data and corporate credentials, are especially at risk.

“Hackers can install malware at USB ports (we’ve been told that’s called ‘juice/port jacking’). So, when you’re at an airport, do not plug your phone directly into a USB port,” the TSA recently warned.

What is juice jacking?

Juice jacking occurs when a modified USB port or cable transfers malicious code or extracts data while delivering power. Because USB connections also transmit data, a tampered port can silently install spyware, ransomware, or keyloggers on your device, or siphon off contact lists, emails, credentials, and even access to cloud accounts. The device appears to charge normally, leaving the user unaware of the breach.

According to the FCC, while there are no verified public cases, the threat is real enough to merit caution.

“Malware installed through a corrupted USB port can lock a device or export personal data and passwords directly to the perpetrator,” the FCC states. “Criminals can then use that information to access online accounts or sell it to other bad actors.”

Why business travelers should be especially cautious

Business travelers are uniquely vulnerable to juice jacking:

They often carry sensitive corporate data and credentials.

They depend on mobile devices for real-time work, often with limited charging options.

They are more likely to access proprietary systems, making compromised devices a bigger liability.

According to a report by IBM Security, the average cost of a corporate data breach is $4.88 million. A single compromised device due to juice jacking could serve as a vector into a corporate network, leading to widespread loss.

What makes this threat so difficult to detect?

Compromised ports look identical to normal ones. Some attackers may leave infected cables behind or attach devices that are nearly invisible to the average traveler. Even experts admit that spotting a tampered port with the naked eye is almost impossible. Devices may behave normally while malware installs in the background.

Common juice jacking attack methods

Data theft: Attackers use modified ports to steal photos, emails, contact lists, and login credentials.

Malware installation: Spyware, ransomware, or control apps can be silently installed.

Remote control: Some malware tricks devices into recognizing the USB connection as a keyboard, allowing attackers to execute commands.

The FBI's Denver office has also issued public warnings about juice jacking, emphasizing that attackers may use compromised USB ports to push malware that harvests sensitive business or personal data.

Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIDenver) April 6, 2023

‍

7 smart strategies to stay safe

Use your own AC adapter: Charge via standard wall outlets with your own equipment to eliminate risk.

Carry a power bank: Pre-charged at home, it’s a safe and portable power source.

Use a USB data blocker: This small device blocks data lines while allowing power transfer.

Use charging-only cables: These cables are designed without data wires.

Enable “charge only” mode: Select this option on your device if available.

Keep software updated: Security patches close vulnerabilities used in these attacks.

Avoid free charging stations: Especially ones that seem hastily installed or too good to be true.

What to do if you suspect a compromise

Disconnect from Wi-Fi and cellular networks immediately.

Run a full scan with updated security software.

Alert your company’s IT/security team.

Change all major account passwords using a clean device.

Monitor financial accounts and credit reports.

Report the incident to the FBI’s Internet Crime Complaint Center (IC3).

If needed, factory-reset the device and restore from a known-clean backup.

Beyond airports: Other high-risk locations

Juice jacking isn’t limited to airports. Be cautious in:

Hotels

Cafes and coworking spaces

Conference centers

Shopping malls

Public transit

Each of these venues sees high daily foot traffic and frequently offers unsupervised USB access.

What companies can do to protect employees from juice jacking

Provide employees with company-approved power banks and data blockers.

Include juice jacking awareness in cybersecurity training.

Require devices to have up-to-date security software.

Create clear reporting protocols for compromised devices.

Ensure accessibility and awareness across all teams.

Build incident response plans specifically for mobile threats.

Final thoughts

Juice jacking may not yet be widespread, but it represents a real threat, especially to business travelers. With awareness and simple precautions, individuals and companies can protect data and reduce the risk of attack. When it comes to airport charging, always think before you plug in—your data could depend on it.

► You’ll also like: Your rights when flights go wrong: New airline refund rules