(WMC TV) - Internet and data security sources said public battery-charging kiosks, particularly at airports, are vulnerable to hackers who can corrupt the kiosks and download data from travelers' smart phones.
James Ruffer III, a Memphis-based ethical hacker hired by corporations to test their systems for security weaknesses, said the kiosks' vulnerability is their USB ports, which support both power and data.
"When you're plugging (your USB cord) in there, do you know what's on the other end?" asked Ruffer. "When your laptop or smart phone is plugged into an airport kiosk, you can't tell if something's being downloaded from your device."
Data experts demonstrated the potential risk of the kiosks at DefCon, an annual hackers conference held in Las Vegas.
Jeff Horton, owner of the network security auditing company One Point Solutions Group of Germantown, TN, said the risk of someone hacking a device plugged into an airport kiosk is minimal.
"Usually, those kiosks are in an environment that may be monitored. There are video cameras," Horton said.
Horton added that most people don't store significant personal information like passwords or credit card numbers on their cell phones anyway.
"While there may be contacts and Internet usage history that might be interesting, I don't know that it's really something that people would want to steal for use or profit," he said.
"My mom has an extra passport photograph, her credit cards and stuff like that (on her smart phone) in case she leaves her wallet at home," countered Ruffer. "I have actually taken pictures of my credit card, of my license, certain of those things as kind of a back-up. So, yeah, people are starting to put some interesting things on telephones."
Ruffer suggested two precautions that would allow travelers to use the kiosks safely:
* CARRY YOUR AC ADAPTER INSTEAD OF YOUR USB CORD. Use the kiosks' AC outlets instead of their USB ports if you must charge a device.
* CARRY A PORTABLE BATTERY-CHARGING PACK COMPATIBLE WITH YOUR DEVICE. "I'll plug (my battery-charging pack) into the kiosk and let that charge first," said Ruffer. Since the pack doesn't store or receive data, it will charge just like any other device.
"Then I'll put it back on my phone, and I'll flip the switch and it'll charge my phone," Ruffer said.