So this has been going on for a while, and nobody noticed, or its new and I'm shocked it took so long for someone to think of it.

[shortylickens]

Public phone chargers are now skimming you.

And really I am not even surprised. Am sad the feds are only just today warning people. God knows how many have been ripped off.

Unrelated: I had credit cards for about 20 years, no problems. Used the gas pumps in virginia for 10 years, no problems.
THE FIRST TIME I visit a gas pump in maryland, my card got skimmed. (I was not familiar with the pump and its facade).
That night somebody in chicago was using a fake card with my name and number on it.
It had a chip by the way.
Chips do not make your card any safer.

Worst part?
Navy Federal is USUALLY pretty good about alerting me to fraud charges. This time, some how, they didnt notice I was repeatedly alternating between sales in Virginia and Illinois in like a 5 hour period.

 

[purbeast0]

"94 reported hacking cases in 2021... it's unknown how many of those were USB related."

Great reporting there. It could be 94, it could be 0.

 

[Amused]

It's a theoretical attack called Juice Jacking.
And it's still theoretical.

Juice jacking - Wikipedia

en.wikipedia.org

What shocks me is the total lack of tech knowledge in that bit.
You need a storage device for the malware to upload from.
First, did they find one? Did they find a tampered with USB charging station? None are metioned. In fact, they can't even verify is someone was hacked through USB.
Second, most phones (all newer phones) have a firewall that allows charging only unless you OK data transfer.
Third, I'm willing to bet all of the people were hacked through honeypot "free wifi"

 

[MtnMan]

Public phone chargers are now skimming you.

And really I am not even surprised. Am sad the feds are only just today warning people. God knows how many have been ripped off.

Unrelated: I had credit cards for about 20 years, no problems. Used the gas pumps in virginia for 10 years, no problems.
THE FIRST TIME I visit a gas pump in maryland, my card got skimmed. (I was not familiar with the pump and its facade).
That night somebody in chicago was using a fake card with my name and number on it.
It had a chip by the way.
Chips do not make your card any safer.

Worst part?
Navy Federal is USUALLY pretty good about alerting me to fraud charges. This time, some how, they didnt notice I was repeatedly alternating between sales in Virginia and Illinois in like a 5 hour period.

As long as there is a mag stripe on the card, it's low-hanging fruit for skimmers.

 

[nakedfrog]

You need a storage device for the malware to upload from.
First, did they find one? Did they find a tampered with USB charging station? None are metioned. In fact, they can't even verify is someone was hacked through USB.
Second, most phones (all newer phones) have a firewall that allows charging only unless you OK data transfer.
Third, I'm willing to bet all of the people were hacked through honeypot "free wifi"

That was the part I was wondering about, any time I plug my phone into something other than a plain charger, it asks if it should be allowed data access. So, unless there's an exploit to bypass that...

 

[[DHT]Osiris]

That was the part I was wondering about, any time I plug my phone into something other than a plain charger, it asks if it should be allowed data access. So, unless there's an exploit to bypass that...

There is, but I doubt anyone's going to bother with stuffing them into airport chargers or some shit. It's far easier to just exploit wireless vulnerabilities.

This sounds more like something that would be tried at a hacking expo or something.

 

[akugami]

Not new. Something I already know about. Whether juice jacking is theoretical or not, it's not something I want to find out about first hand.

Just like you _DO_NOT_ go around sticking your dick in a strange hooker in the street without protection. You _DO_NOT_ go around sticking your phone into a strange USB charger. You can buy specific charging only cables with no data. Also, don't just plug in any strange USB stick you found on the street. Some of those are loaded with malware.

Chip cards are very secure. There might be some theoretical or sophisticated hack involving them, but it would be very high end stuff and beyond the reach of most people on the streets buying credit card skimmers. The problem is many many credit cards still provide magstripes as a backup, and the credit card still has visually readable CC#, EXP Date, and CVV code.

Even most gas stations that read the chip card require you to insert the card, thereby getting your CC# read if there's a skimmer. If the gas station terminal has NFC (Apple Pay, Google Pay, card NFC), I'd use that instead. No way for the credit card to slide across any skimmer, and NFC is very secure.

 

[MtnMan]

Public phone chargers are now skimming you.

And really I am not even surprised. Am sad the feds are only just today warning people. God knows how many have been ripped off.

Unrelated: I had credit cards for about 20 years, no problems. Used the gas pumps in virginia for 10 years, no problems.
THE FIRST TIME I visit a gas pump in maryland, my card got skimmed. (I was not familiar with the pump and its facade).
That night somebody in chicago was using a fake card with my name and number on it.
It had a chip by the way.
Chips do not make your card any safer.

Worst part?
Navy Federal is USUALLY pretty good about alerting me to fraud charges. This time, some how, they didnt notice I was repeatedly alternating between sales in Virginia and Illinois in like a 5 hour period.

This has been known for a long time, at least to those that pay attention.