Recently, the TSA has adopted another scare-tactic, warning people that charging their phones at airports might infect their phones with viruses which will steal their identities and personal information (including credit card data).
Well, first off; this threat is WAY overblown! There is no known technology which can do this under any circumstances other than a laboratory environment with very controlled conditions which the average person would never face in public. But let's examine why (and, I happen to know a bit of what I am talking about here).
First...in order to anything to "infect" your phone, or any other device, there has to be an intelligent mechanism nearby (i.e. like a storage device and a processor). Even if it's networked...which would mean the airport is "in on" the hack...there still has to be a storage device to host the malicious software. No airport would voluntarily participate in such a caper.
Secondly, your phone (or other device) would have to be set up to willingly accept downloads from any unknown source. Anyone with even reasonably updated OS's and even OEM virus protection would never allow this. Not ever. At minimum, you have to give your mobile device permission to accept a download, and you will be presented with numerous options to prevent its installation. Even beyond this, there is no way, other than the lowest IQ, who would allow their device to be taken over even for a second by a 3rd party. Now, people ask about 3rd party WiFi at airports (something I know about quite well). Yes, a user will be asked to accept certain terms and agreements, BUT, this is the ONLY allowance permitted on a device. Side note - Just think about this for a moment...if an airport or other public space knowingly allowed damaging or criminal malware and/or viruses to be inserted into their devices, how long do you think these networks would be deemed acceptable before they became the subject of every hacker blog and sensationalized news site on the planet? Like 5 minutes maybe? Bottom line, they'd be taken down instantly. BUT, there's more. ...
Malware isn't just harmful to the user, it's also harmful to the host. You see, these people don't care; they are looking for maximum impact in the shortest amount of time with the most amount of damage...and hosts are an even better target. A user is one person, but a host is tens of thousands of users...possibly even millions. A host has exactly zero incentive to allow such malicious software to exist on their networks. This isn't about bulletproof security as much as it is about overwhelming business incentives to prevent such things. But, there's even more. ...
Up to this point, in what I've written so far, a person could say..."yeah, yeah, but you're biased". Even though I could go into volumes about why I am not biased (I don't work for an airport authority), this goes beyond the point. I am appealing to common sense here, and nothing more. There is also one other (perhaps even more significant) thing to consider, and this is regulatory oversight. Airports have lots of rules. LOTS. There are more regulatory rules at an airport than most people could even imagine. And, it's not a big stretch to imagine that security might be a big portion of these. If there were huge and unresolved security issues on an airport network (the ones who transport this data), then there would also be an indefensible position that their whole network(s) are vulnerable to control by outside, evil, doers. Right? So, I don't think I should have to go very far to reinforce how dim of a view airports would have to such an event (even one, let alone thousands)!
Furthermore, I need to address a concept known in the airport world as "concessions". A concession is a vendor who sets up shop at their own expense and pays rent. In theory, they control everything about their world. Take a food vendor like McDonald's; they're concession. And McDonald's often offers free things like Wifi (just to get you to eat there...it's called "dwell time", btw.) However, if McDonald's were determined to have a serious security breach in the USB plug ins at their restauraunts, then an airport would shut that service down (immediately) until the breach was corrected. Why? Because public relations is a really big issue at airports (Gawd knows with all the bad press EVERY airport gets over the TSA, which everyone universally hates!)
So, there's no way...that an innocent USB charging station at any serious airport is ever going to infect your phone. And...
...the TSA led scare that this is even possible is just pure "DOOM PORN"...nothing more. You don't have to trust me, you can go test it for yourself. Just don't be surprised if, when testing, you get locked out of the network. Why? Because you're doing exactly what they are trying to prevent.
You can safely charge your phone or other USB device at any airport without worry. There are so many checks and balances to prevent anything bad from happening it would make your head spin. Now, at Juan's Taco Shack food truck, maybe not, but at a full blown airport, it's not a worry.
Just stop it, TSA!! We don't need you, and we never did!
Well, first off; this threat is WAY overblown! There is no known technology which can do this under any circumstances other than a laboratory environment with very controlled conditions which the average person would never face in public. But let's examine why (and, I happen to know a bit of what I am talking about here).
First...in order to anything to "infect" your phone, or any other device, there has to be an intelligent mechanism nearby (i.e. like a storage device and a processor). Even if it's networked...which would mean the airport is "in on" the hack...there still has to be a storage device to host the malicious software. No airport would voluntarily participate in such a caper.
Secondly, your phone (or other device) would have to be set up to willingly accept downloads from any unknown source. Anyone with even reasonably updated OS's and even OEM virus protection would never allow this. Not ever. At minimum, you have to give your mobile device permission to accept a download, and you will be presented with numerous options to prevent its installation. Even beyond this, there is no way, other than the lowest IQ, who would allow their device to be taken over even for a second by a 3rd party. Now, people ask about 3rd party WiFi at airports (something I know about quite well). Yes, a user will be asked to accept certain terms and agreements, BUT, this is the ONLY allowance permitted on a device. Side note - Just think about this for a moment...if an airport or other public space knowingly allowed damaging or criminal malware and/or viruses to be inserted into their devices, how long do you think these networks would be deemed acceptable before they became the subject of every hacker blog and sensationalized news site on the planet? Like 5 minutes maybe? Bottom line, they'd be taken down instantly. BUT, there's more. ...
Malware isn't just harmful to the user, it's also harmful to the host. You see, these people don't care; they are looking for maximum impact in the shortest amount of time with the most amount of damage...and hosts are an even better target. A user is one person, but a host is tens of thousands of users...possibly even millions. A host has exactly zero incentive to allow such malicious software to exist on their networks. This isn't about bulletproof security as much as it is about overwhelming business incentives to prevent such things. But, there's even more. ...
Up to this point, in what I've written so far, a person could say..."yeah, yeah, but you're biased". Even though I could go into volumes about why I am not biased (I don't work for an airport authority), this goes beyond the point. I am appealing to common sense here, and nothing more. There is also one other (perhaps even more significant) thing to consider, and this is regulatory oversight. Airports have lots of rules. LOTS. There are more regulatory rules at an airport than most people could even imagine. And, it's not a big stretch to imagine that security might be a big portion of these. If there were huge and unresolved security issues on an airport network (the ones who transport this data), then there would also be an indefensible position that their whole network(s) are vulnerable to control by outside, evil, doers. Right? So, I don't think I should have to go very far to reinforce how dim of a view airports would have to such an event (even one, let alone thousands)!
Furthermore, I need to address a concept known in the airport world as "concessions". A concession is a vendor who sets up shop at their own expense and pays rent. In theory, they control everything about their world. Take a food vendor like McDonald's; they're concession. And McDonald's often offers free things like Wifi (just to get you to eat there...it's called "dwell time", btw.) However, if McDonald's were determined to have a serious security breach in the USB plug ins at their restauraunts, then an airport would shut that service down (immediately) until the breach was corrected. Why? Because public relations is a really big issue at airports (Gawd knows with all the bad press EVERY airport gets over the TSA, which everyone universally hates!)
So, there's no way...that an innocent USB charging station at any serious airport is ever going to infect your phone. And...
...the TSA led scare that this is even possible is just pure "DOOM PORN"...nothing more. You don't have to trust me, you can go test it for yourself. Just don't be surprised if, when testing, you get locked out of the network. Why? Because you're doing exactly what they are trying to prevent.
You can safely charge your phone or other USB device at any airport without worry. There are so many checks and balances to prevent anything bad from happening it would make your head spin. Now, at Juan's Taco Shack food truck, maybe not, but at a full blown airport, it's not a worry.
Just stop it, TSA!! We don't need you, and we never did!