Good answers in here, but I’d like to add we aren’t aware of this happening for real yet. It’s been done at hacker conferences, and some unsubstantiated reports in the eastern US.

The fact that the FBI and FCC are saying something likely means they know of a way to do this, likely with some fake overlay like the old ATM skimmers.

ELI5: it’s like when your mom says you are going to poke your eye out with that BB gun. May never happen, but not bad advice to follow.

Good answers in here, but I’d like to add we aren’t aware of this happening for real yet. It’s been done at hacker conferences, and some unsubstantiated reports in the eastern US.

The fact that the FBI and FCC are saying something likely means they know of a way to do this, likely with some fake overlay like the old ATM skimmers.

ELI5: it’s like when your mom says you are going to poke your eye out with that BB gun. May never happen, but not bad advice to follow.

All these answers are good but tbh there’s even a simpler scenario: For example, when I plug my phone into my computer, the computer can access the phone’s filesystem when the phone is unlocked; I can use this to do things like put music or other files on the phone. I don’t remember if it asked for permission the first time it did it (I don’t *think* it did), but it certainly hasn’t asked for permission since. It seems like your phone will assume that if you are unlocked while connected to a charger it means you’re giving the other end of the cable permission to access data. In that case, the other end could theoretically copy everything present on your phone and use it for whatever purposes they may want.

All these answers are good but tbh there’s even a simpler scenario: For example, when I plug my phone into my computer, the computer can access the phone’s filesystem when the phone is unlocked; I can use this to do things like put music or other files on the phone. I don’t remember if it asked for permission the first time it did it (I don’t *think* it did), but it certainly hasn’t asked for permission since. It seems like your phone will assume that if you are unlocked while connected to a charger it means you’re giving the other end of the cable permission to access data. In that case, the other end could theoretically copy everything present on your phone and use it for whatever purposes they may want.

All these answers are good but tbh there’s even a simpler scenario: For example, when I plug my phone into my computer, the computer can access the phone’s filesystem when the phone is unlocked; I can use this to do things like put music or other files on the phone. I don’t remember if it asked for permission the first time it did it (I don’t *think* it did), but it certainly hasn’t asked for permission since. It seems like your phone will assume that if you are unlocked while connected to a charger it means you’re giving the other end of the cable permission to access data. In that case, the other end could theoretically copy everything present on your phone and use it for whatever purposes they may want.

An attacker could open the charging station up and wire the USB ports up to a mini computer (think something like a Raspberry Pi). They can then do anything on your phone that you could do with your phone plugged in to a PC, including advanced stuff like redirecting your phone’s internet traffic though the USB or making use of any security flaws in your phone to access data without having to unlock the phone.

An attacker could open the charging station up and wire the USB ports up to a mini computer (think something like a Raspberry Pi). They can then do anything on your phone that you could do with your phone plugged in to a PC, including advanced stuff like redirecting your phone’s internet traffic though the USB or making use of any security flaws in your phone to access data without having to unlock the phone.

My brother used to fit USB ports on buses. Those only had the power lines. I’d naively like to believe that most of them are like that in public spaces but I’ve been in IT so long that I still find an outlet and use my own charger. Just in case.

An attacker could open the charging station up and wire the USB ports up to a mini computer (think something like a Raspberry Pi). They can then do anything on your phone that you could do with your phone plugged in to a PC, including advanced stuff like redirecting your phone’s internet traffic though the USB or making use of any security flaws in your phone to access data without having to unlock the phone.

My brother used to fit USB ports on buses. Those only had the power lines. I’d naively like to believe that most of them are like that in public spaces but I’ve been in IT so long that I still find an outlet and use my own charger. Just in case.