New Choicejacking Attack Exploits Charging Stations to Steal Data from Phones

Public charging stations have always been considered a convenient way to power up devices on the go. However, recent cybersecurity research reveals a disturbing new threat—called Choicejacking—that turns these stations into data-stealing traps, often without the user even realizing it.

For years, “juice jacking” has been a known security concern. Hackers infected charging stations or USB ports to either inject malware or extract data from smartphones. In response, modern smartphones implemented safeguards such as prompting users to approve data transfer when connected to unfamiliar ports or allowing the option of setting devices to “charge-only” mode.

But cyber researchers from Graz University of Technology in Austria, as reported by Hackread, have uncovered a new method that sidesteps these protections altogether.

Choicejacking is a sophisticated USB attack that exploits a device’s communication protocols by spoofing inputs like keyboard commands or manipulating data buffers. Unlike traditional malware that relies on malicious files, this attack simulates user actions at lightning speed—completing in less than 133 milliseconds, faster than the blink of an eye.

Essentially, a malicious charging station can pretend to be a keyboard or USB device, issuing commands to the phone that automatically grant data access—without any prompt or user interaction. This means attackers can silently access photos, messages, or even install malicious software, all without the victim noticing.

Whether you’re an Android or iOS user, the vulnerabilities remain, and attackers are continuously refining their methods.

While the threat might sound alarming, there are practical steps besides avoiding public or suspicious USB charging station when possible, which can help you stay safe including:

• Use Your Own Power Bank: Carrying a portable charger ensures you can power your device without risking exposure.
• Opt for Wall Outlets: Use your own cables and adapters plugged into wall sockets instead of public USB ports.
• Enable “Charge-Only” Mode: Many devices allow you to restrict data transfer to prevent unauthorized access.
• Keep Your Software Updated: Regular updates patch security vulnerabilities that are eventually fixed that hackers may exploit.

And when in doubt, use your own charger and power source.

Vigilance is important in our increasingly connected world. By staying informed and cautious about where and how we charge our devices, we can reduce the risk of being affected by these advanced cyber threats.

Learn more about the findings and report on Hackread’s official post.