You make it through the TSA security checkpoint at the airport — whew — and arrive at the airport waiting area with time to waste before your flight is called.
What’s the first thing you do?
I bet you immediately log onto the airport’s free Wi-Fi and then look for USB ports or power outlets to give your devices one last charge before you board. And there never seem to be enough of those, right?
💵💰Don’t miss the move: Subscribe to TheStreet’s free daily newsletter💰💵
Airport waiting areas tend to have these freebies that can be lifesavers for travelers, and they seem so simple.
All you generally have to do to gain access to Wi-Fi is scan a QR code, or answer a short survey, and you’re on. For power, it’s even easier: plug in.
But ahead of one of the busiest times of year for travel, leading up to the Fourth of July holiday, the TSA recently issued a warning on social media: “When you’re at an airport, do not plug your phone directly into a USB port.”
It’s the kind of warning that could go unheeded, right up until you realize your credit card has been hacked and your personal data is floating around on the dark web.
The TSA is warning passengers their personal information is at risk if they use some airport services.
Image source: Joe Raedle/Getty Images
Cybercriminals are scamming airport passengers
“Hackers can install malware at USB ports (we’ve been told that’s called ‘juice/port jacking’),” the TSA said.
This latest TSA warning aligns with previous advisories issued by the FBI and the Federal Communications Commission (FCC), as well as ongoing alerts from cybersecurity experts. And it’s not just charging ports that pose a problem.
Related: TSA quietly cracks down on popular travel essential
The FCC cautioned against using free airport WiFi, particularly when shopping online and entering personal details.
While convenient, public WiFi networks are notoriously easy to hack: “Malware installed through a corrupted USB port can lock a device or export personal data and passwords directly to the perpetrator. Criminals can then use that information to access online accounts or sell it to other bad actors,” the FCC said.
Norton (NLOK) , the cybersecurity company, warns that unencrypted hotspots “transmit data in plain text, making them vulnerable to cybercriminals with the right tools.” That means everything from your Amazon login to your banking credentials could be exposed to hackers lurking on the same network.
And that’s not the only threat travelers need to watch for.
More on travel:
U.S. government issues serious warning for cruise passengersDelta Air Lines makes a baggage change that travelers will likeUnited Airlines passenger incident triggers quick response
Earlier this year, former flight attendant Barbara Bacilieri, who shares travel tips with her millions of social media followers, claimed that some thieves are buying the cheapest plane tickets just to get past security and access the terminal’s more lucrative targets, including passengers and duty-free stores.
She says some go even further, allegedly using handheld scanners to skim data from credit cards without ever removing them from your wallet. Victims often don’t realize anything is wrong until days or even weeks later, when an unfamiliar transaction — sometimes from overseas — appears on their statement, as reported in The Daily Mail.
Related: The real Real ID requirements that the TSA is following
TSA, FAA, and FCC warnings for travelers
So instead of “juicing up” your devices using the free ports at the airport, security officials recommend bringing your own “TSA-compliant power brick or battery pack.”
Since the TSA has been quietly cracking down on the batteries allowed through security, however, you’ll want to make sure your devices are compliant.
Here’s what the FAA now says about lithium-ion batteries and power packs:
Batteries must be under 100 watt-hours (Wh) unless the airline gives explicit approval.Power pac/sbanks must clearly labeled to show Wh rating.Unlabeled, oversized, or suspicious-looking chargers are at risk of being confiscated.Carrying multiple devices may result in additional screening or confiscation.
And here are some FCC tips that will help you avoid juice jacking:
Pack AC, car chargers, and your own USB cables when traveling so you can use AC outlets.
Carry an external battery (see recommendations above).
Carry a charging-only cable, which prevents data from being sent or received while charging.
If you plug your device into a USB port and a prompt appears asking you to select “share data,” “trust this computer,” or “charge only,” always select “charge only.”
Related: Veteran fund manager unveils eye-popping S&P 500 forecast
