Before you plug your iPhone into that free USB port at the airport gate, federal agencies want you to think twice. The Transportation Security Administration has used its social media channels to echo a warning that the FBI, FCC, and multiple state governments have been pushing for years: public USB charging stations can be weaponized to steal your data. The attack method, known as “juice jacking,” is simple enough that security researchers have demonstrated it live at hacking conferences, and the fix on your iPhone takes about 30 seconds.
With summer 2026 travel ramping up and airports expecting record passenger volumes, the warning is circulating again. Here is what the threat actually involves, which iPhone setting you should turn off right now, and the low-cost habits that eliminate the risk entirely.
How juice jacking works
A standard USB cable carries both power and data over the same connection. That dual purpose is what makes juice jacking possible. A bad actor tampers with a public USB port, or leaves a compromised cable draped over a charging kiosk, so that when you plug in your phone, a data channel opens alongside the electrical one. Through that channel, an attacker can potentially copy contacts, photos, messages, and stored credentials, or push malware onto the device without any visible sign that something is wrong.
Michigan Attorney General Dana Nessel flagged two specific attack vectors in an April 2023 consumer warning. The first is a compromised port hardwired into a kiosk or wall panel. The second is an infected cable disguised as a free giveaway or left behind by a previous traveler. That second vector is especially dangerous because a tampered cable looks and feels identical to a legitimate one. You cannot tell the difference by inspecting it.
Michigan’s Consumer Protection division published a standing alert reinforcing the same points and listing defensive steps. Both documents reference federal agency guidance, making clear that the concern spans multiple levels of government and is not limited to a single state.
The iPhone setting you should disable now
Apple built a defense directly into iOS called USB Restricted Mode. When enabled, it prevents any USB accessory from establishing a data connection with your iPhone if the device has been locked for more than one hour. The feature has been available since iOS 11.4.1 and works on every iPhone model still receiving software updates, including current USB-C models.
To make sure it is active, open Settings, tap Face ID & Passcode (or Touch ID & Passcode on older models), enter your passcode, then scroll down to the USB Accessories toggle. If that toggle is turned on, your phone allows USB devices to connect even when locked. Turn it off. With the toggle off, your locked iPhone will refuse data requests from any USB connection after 60 minutes, effectively slamming the door on juice jacking.
There is also a simpler, real-time defense: when you plug into an unfamiliar USB source, your iPhone may display a “Trust This Computer?” prompt. Always tap Don’t Trust. If you never unlock your phone or authenticate with Face ID or Touch ID while connected, the data channel stays closed and only power flows through.
Three habits that eliminate the risk
Device settings help, but the most reliable protection is never connecting to an untrusted USB port in the first place. The Michigan Consumer Protection alert and federal guidance converge on three alternatives:
- Carry a portable battery pack. A compact power bank with a single full charge costs under $20 and fits in a carry-on pocket. It removes the temptation to hunt for a public port entirely.
- Use a wall outlet with your own adapter. A standard AC outlet delivers power only. Plugging your own charging brick into a wall socket bypasses the USB data pathway altogether.
- Use a USB data blocker. If a shared USB port is your only option, a data blocker, sometimes called a “USB condom,” is a small dongle that physically disconnects the data pins while allowing electricity through. They cost a few dollars and are small enough to keep on a keychain.
How real is the threat?
Juice jacking is technically proven. Security researchers have demonstrated successful data extraction and malware installation through compromised USB connections at events like DEF CON. The FBI and FCC have both referenced the threat in public communications, and state attorneys general have issued formal advisories.
That said, documented cases of travelers being compromised through airport USB ports remain rare in public reporting. No federal agency has published statistics showing a wave of confirmed juice jacking incidents at U.S. airports or transit hubs. The gap between “technically possible” and “happening at scale” is real, and it is worth acknowledging.
But that gap does not make the precautions pointless. The cost of protecting yourself is essentially zero: a settings toggle, a $5 data blocker, or a battery pack you probably already own. The potential downside of ignoring the risk, even if the odds are low, includes exposed passwords, financial credentials, and personal files. Security professionals treat juice jacking the way most people treat locking a car door: the odds of a break-in on any given day are small, but the habit costs nothing and the consequences of skipping it can be severe.
What to do before your next flight
Open your iPhone’s passcode settings today and confirm USB Accessories is toggled off. Toss a portable battery pack or a USB data blocker into your travel bag. If you find yourself at a gate with a dead phone and no alternatives, use a wall outlet, not a USB port. And if someone offers you a free charging cable at an airport kiosk, leave it where it is.
The warning has been circulating across federal and state agencies for years now. The tools to act on it have been built into your iPhone for even longer. The only step left is actually using them.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
