A concerning new cyberattack, dubbed “Choicejacking,” is making headlines, raising alarms about the security of public phone charging stations. Unlike previous “juice jacking” attacks that relied on malware, Choicejacking exploits vulnerabilities in device communication protocols to surreptitiously gain access to sensitive phone data, often without the user’s explicit consent.
Security researchers from Austria’s Graz University of Technology have demonstrated how malicious charging stations can manipulate smartphones into enabling data transfer or debug modes in mere milliseconds. This bypasses the typical “Trust this computer?” or “Charge only” prompts that users have come to rely on as a safeguard. Once a device is compromised, attackers can gain access to a treasure trove of personal information, including photos, messages, documents, and even application data. In some unsettling cases, the researchers were able to extract files from locked devices.
The insidious nature of Choicejacking lies in its ability to simulate user input, tricking the phone into accepting data connections it otherwise wouldn’t. This can involve exploiting flaws in how devices handle USB communication, buffer overflows, or even mimicking keyboard inputs to automatically select data transfer options. The cost of building such a malicious charger is reported to be less than $100, making it a potentially accessible tool for unsophisticated attackers.
While major mobile operating systems like iOS/iPadOS 18.4 and Android 15 have begun integrating mitigations that require biometric authentication or passwords for data transfer, older devices and those not yet updated remain particularly vulnerable. Cybersecurity experts are urging the public to exercise extreme caution when using free public USB charging points found in airports, bus stands, cafes, and hotels.
To protect yourself from Choicejacking and similar threats, experts recommend several precautions:
- Avoid public USB charging stations: Whenever possible, use your own wall charger plugged into a standard electrical outlet.
- Carry a portable power bank: A personal power bank eliminates the need to rely on potentially compromised public charging points.
- Utilize a USB data blocker (or “USB condom”): These small adapters allow power to flow through but block any data transfer, effectively turning a data cable into a charge-only one.
- Keep your device locked and updated: Ensure your phone’s operating system is always on the latest version, as updates often include crucial security patches. When charging, ensure your phone is locked.
- Be vigilant with prompts: Even with the latest updates, if your phone displays any unexpected prompts about data transfer while charging, always select “Charge only.” If a prompt appears without you initiating it, unplug immediately.
The rise of Choicejacking underscores the evolving landscape of cyber threats and the critical importance of digital hygiene, even in seemingly innocuous situations like charging a phone.
![Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]](https://sumtrix.com/wp-content/uploads/2025/06/30-12-120x86.jpg "Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]")
