Can a public cell phone charger raid your phone?

A bar near me had small kiosks on the bar top. Each had a small screen that showed local advertising. They had USB plugs for charging cell phones. But if an unscrupulous person designed them it seems like it leaves your phone wide open unless you use a charge-only cord, not a data cord. But who carries those around with them?

A Google search shows there are many different styles of public chargers.

It is a concern, but it seems the threat is more theoretical than actual.

I went on holiday to India, and stayed the first night in a Hari Krishna run hotel in Mumbai… it was cheap and I like their food.

I had a fairly old school iPod at the time, which I would have thought invulnerable due to obscurity, but as soon as I plugged it into the charging point I got several malware applications installed. The most irritating one renamed all my music to “.band/albumn/songname” - the iPod could not recognise the leading “.” which usually signifies a hidden file.

I doubt the Hari Krishnas were aware.

It took some time and effort to remove them from the iPod so it could be useable again. Ironically, the only reason I was using the iPod, was that using it as a flash drive allowed me to use standalone versions of software (Firefox, particularly) to avoid spyware.

So to answer the OP, yes. Unfortunately.

When I plug my Google Pixel phone into my computer, if I want to do any sort of file transfer I have to go into the menus on the phone to tell it that it’s supposed to use the connection for file transfer and not just for charging. I’m pretty sure the charger can’t start cramming malware into my phone unless I take those steps first.

It’s been a while since I plugged my wife’s phone into my computer, but ISTR the same sort of situation, i.e. I had to take deliberate steps to enable data transfer.

More recently I plugged a late-model iPod into my computer, and yes, I did have to tell it to trust my computer before it (the iPod) would allow songs to be downloaded.

Do you recall when this happened, or what version of iOS you were using at the time? My current iPod is a recent replacement for a 2008-vintage iPod that was so old it wouldn’t update to the latest version of iOS (which kept the Bluetooth link from functioning properly). I’m wondering if your old version of iOS didn’t include the “trust this computer?” routine that would have protected you from being jacked.

Your phone also has to be unlocked before a device has data access to it.

Not necessarily, what Pegasus can do others can copy, see zero-klick exploit. With more or less sofistication, with USB drives, e-mails or SMS, or simply connecting to a charger, it will always remain possible in theory. As others have said it is not very frequent, and if that changes, the media will report it because it would be big news.
But if someone wanted to hack you, personally, they would use other means, not a charging port, probably. And you would not notice until it is too late, except if your phone is constantly monitored by security experts (see, for instance, the chapters on “use by country” in the Pegasus article linked above).

In my experience, Android phones do not even show up as being a connected device in Windows until you unlock the phone. I haven’t found any mention of Pegasus being able to bypass the security on a locked phone by USB.

They would not tell us, that is clear. I am sure it is possible, but I am also sure few people or organisations have access to those exploits, and it is highly probable that you or me are not on a list of targets for them. It would be a waste of a valuable ressource to use that on us.

Whenever I plug my Galaxy S22 (or any previous android phone) into a USB plug it always ask me if If I want to enable data transfer or charge only. I doubt if an old iPod or USB stick has this security option, but modern, updated phones should all do this. At least I thought that they did, am I incorrect in this assumption?

If all the software in Andriod (or equally iOS) was defect-free that would be true.

But if there’s an exploitable gap in the software’s security, someone can exploit it. Whether that particular kiosk has such malware is unknowable in advance.

A charge-only cable is a highly reliable hardware condom to protect your buggy eggs from the determined malware swimmers. All umpteen thousand of them.

May I suggest something that would make the OP’s concern moot? For @75 dollars, you can get a charging pack that, when fully charged itself, holds enough juice to fully charge a cellphone twice. When I do need a charge while on the run, that covers things quite nicely virtually all the time. If you do need a charge, you can charge the power pack instead of your phone. Since it is dumb hardware, it is immune to “juice jacking”.

For a bar, sure. But those aren’t ideal for airports, as they expect you to check any lithium-ion batteries that aren’t part of a device, and most of those power banks are just a large array of those batteries.

My SiL routinely carries hers in her purse and has gone through many an airport checkpoint without a problem. Perhaps they consider it cellphone paraphernalia and thus okay, or perhaps they are just doing a shoddy job. LOL

Even if you had to check it in an airport, you wouldn’t have to check a charging cord, and I have to believe that USB charging on an airplane is safe.

I remember reading an article about this a few years ago when the risk was first identified. I dont recall the details, but I do remember the suggestion to just use your wall wart for charging if you have reason to be concerned. Airports, airplaines, and other public charging locations always have regular outlets for laptops and other devices, along with the USB plugs, so that’s what I’ve been doing, even if the risk is overblown with current generation smart phones.

I hope you’re quoting a price is some kind of dollar worth considerably less than the US version, because if you pay US$75 for a USB charger pack you’re either getting some kind of gold-plated deluxe version or getting ripped off.

As long as the amount of energy storage is below a set limit (26800mAh, which is why you occasionally see that odd-looking stat on higher-end* charger packs) and you’re not bringing a whole passel of them, airport security won’t have a problem.

*still not worth paying US$75 for, though

Outside of Hawaii and the San Francisco area, greater Chicago may be the most expensive place to live in the U.S. If not, it has to be close to it. Took a bud to dinner last night for her birthday. We went to La Fiesta, not anything close to an upscale restaurant. We had 4 drinks, a tamale dinner and a taco dinner. The cost was $72 BEFORE tip. So, in terms of getting “ripped off”, it’s pretty much a way of life around here. LOL

In early 2010, and the iPod was already a few years old.

The end result was a somewhat annoying use of a phone (with Indian SIM card) to research how to fix the problem, and then finding a safe place to connect it, to resolve the problem.

So asking an internet cafe to disconnect from their network for a while, then run an antivirus scan… it’s challenging in English, let alone mixed Hindi/English. Fortunately we found a place where the staff were reasonably technically oriented and understood the problem.

As is usual in life, it got stolen from my desktop at work a couple of months after I returned from India by some people fixing the doors and windows.

I hope I did not clear all the malware, and those gentlemen now have the same issues.

Actually the other way around - from the FAA

Spare (uninstalled) lithium metal batteries and lithium ion batteries, electronic cigarettes and vaping devices are prohibited in checked baggage. They must be carried with the passenger in carry-on baggage. Smoke and fire incidents involving lithium batteries can be mitigated by the cabin crew and passengers inside the aircraft cabin.

Ignorance fought! I must have read that backward.

TSA wants you to carry on spare batteries and powerbanks, not check them: