Airport phone charging revisited: Is it safe to juicejack your device?
In the digital age, we've grown accustomed to the convenience of public charging stations. However, a new threat has emerged that could compromise the security of our mobile devices – ChoiceJacking.
First introduced by cybersecurity investigator Brian Krebs in 2011 as a variant of the known juicejacking attack, ChoiceJacking is a sophisticated evolution that tricks smartphones into enabling USB data transfer without user consent [1][2][3]. This is achieved by emulating input devices like keyboards or mice via USB or Bluetooth, allowing attackers to bypass security prompts and gain unauthorized data access or even install malware [1][2][3].
How ChoiceJacking Works
The attack uses malicious public chargers or cables to simulate user input commands. On Android devices, it exploits the Android Open Accessory Protocol (AOAP) and Android Debug Bridge (ADB) to hijack system input, switching the USB connection mode silently to data-transfer [1][2][3]. On iOS devices, it mimics a Bluetooth accessory to establish a connection that allows limited data access, but not full system control [1][2][3].
Current Impact and Response
The attack has been successfully tested on major phone brands such as Xiaomi, Samsung, Google, and Apple. Six out of eight of these manufacturers have issued patches or are in the process of patching the vulnerability as of late July 2025 [2]. However, the attack remains a serious threat, particularly with the widespread use of public charging stations in airports, hotels, and cafes.
How Users Can Protect Themselves
To stay safe from ChoiceJacking, users are advised to avoid using public USB charging ports or cables not personally controlled. Using personal power banks or charging from wall outlets using your own charger and cable is a safer alternative. Enabling “charge only” mode on devices, if available, disables data transfer via USB.
Keeping your mobile operating system and security software fully updated is also crucial to benefit from vendor patches addressing this vulnerability. Android’s Lockdown mode or similar security features that limit USB access can provide an additional layer of protection, but these often require manual activation each time unknown chargers are connected [1][2][3][4].
Lastly, locking phones when not in use and avoiding unlocking in public places can reduce the risk from related attacks.
While new protections are being developed and deployed, the best current defense against ChoiceJacking is proactive user caution around charging practices combined with up-to-date software [1][2][3][4]. By staying vigilant and informed, we can continue to enjoy the convenience of public charging stations while minimizing the risk to our digital security.
[1] Research Paper: ChoiceJacking - A New Evolution of Juicejacking Attacks [2] Article: Major Phone Manufacturers Patch ChoiceJacking Vulnerability [3] News: ChoiceJacking: The Latest Threat to Your Mobile Device Security [4] Guide: Protecting Yourself from ChoiceJacking Attacks
