Don’t trust that power bank: China flags espionage and privacy risks

China’s Ministry of State Security issued a warning on its official WeChat account on Wednesday, alerting the public to the potential dangers of using shared power banks—commonly known as "portable chargers" or "urine bags" in Hong Kong slang.

The advisory highlighted multiple security risks, including malware implantation, data theft, and unauthorized access to personal devices.

Hardware tampering: Covert data hijacking

The ministry explained that shared power banks could be embedded with malicious hardware, such as microchips, during manufacturing, distribution, or deployment.

These modified devices may establish hidden data channels while charging, allowing hackers to steal sensitive information—including contacts, photos, videos, social media accounts, and even payment details—from connected smartphones.

Deceptive authorization prompts

Exploiting users' urgency when their phone batteries are low, attackers may manipulate shared power banks to display misleading prompts, such as "Trust This Device?"

If users click "Allow" or "Trust," they unknowingly grant hackers full access to their devices, bypassing security protocols. This could enable remote surveillance, eavesdropping, and unauthorized control over the infected smartphone.

Silent infiltration

Some shared power banks may come preloaded with spyware, trojans, or backdoor programs.

Once connected, these malicious codes silently infiltrate the device, running in the background and turning the phone into a 24/7 surveillance tool without the user’s knowledge.

The ministry also warned that foreign intelligence agencies could exploit backend operational data from shared power banks.

By analyzing vast amounts of user information—such as location history, usage patterns, and device identifiers—they could use artificial intelligence to track individuals or groups, monitor movements, and even assess collective behaviors for espionage or other harmful activities, it noted.

To mitigate risks, the ministry urged the public to avoid using shared power banks of unknown origin, refrain from granting unnecessary permissions, and remain vigilant when connecting to external devices.

(Marco Lam)