Juice jacking

Mr. Neeraj Soni
Mr. Neeraj Soni
Sr. Researcher - Policy & Advocacy, CyberPeace
PUBLISHED ON
Oct 20, 2023
10

Introduction:

Cybercriminals can hack your phone using or exploiting some public charging stations such as at airports, Malls, hotel rooms, etc. When you plug in your phone or laptop devices into a power charger using USB, you may be plugging into a hacker. Juice jacking poses a security threat at public charging stations at airports, shopping malls and other public places that provide free charging stations for mobile, tablet, and laptop devices. 

Cybercriminals can either hack into the public charging spot or download malware or viruses through the USB port into your system. When you plug your phone, laptop, tablet or other such devices for charging at public charging stations, it can download malware to your phone and other such devices, and then hackers can access your personal information or passwords, It is really a problem since hackers can even get access to your bank account for unauthorised transactions by accessing your passwords and personal information. 

Hence it is important to think twice before using public charging spots, as it might lead to serious consequences such as malware, data leak and hacking. Hacking can gain unauthorised access to your personal information by installing malware in your device and they might monitor your device by installing monitor software or spyware to your device. This scam is referred to as juice jacking. 

FBI issued an advisory  warning about using public charging stations:

The Federal Bureau of Investigation (FBI), In May 2023, advised users to avoid using free charging stations in airports, hotels, or shopping centres. The warning comes as threat actors have figured out ways to inject malware into devices attached to publicly installed USB ports.

Updated Security measures:

We all must have seen public charging points such as airports, shopping malls, metro, and other public places that provide charging stations for mobile devices. But it can be a threat to your stored data on your device. During the charging process, your data can be transferred which can ultimately lead to a data breach. Hence utmost care should be taken to protect your information and data. iPhones and other devices have security measures in place, When you plug your phone into a charging power source, a pop-up appears to ask permission to allow or disallow the transfer of Data. There is also a default setting in the phones where data transfer is disabled. In the latest models, when you plug your device into a new port or a computer, a pop-up appears asking whether the device is trusted or not. 

Two major risks involved in the threat of Juice jacking: 

  1. Malware installation: – Malware apps can be used by bad actors to clone your phone data to their device, Your personal data is transferred leading to a data breach. Some types of malware include Trojans, adware, spyware, crypto-miners, etc. Once this malware is injected into your device, It is easy for cybercriminals to extort a ransom to restore the information they have unauthorized access to.
  2. Data Theft: It is important to give emphasis to the question of whether your data is protected at public charging stations? When we use a USB cable and connect to a public charging station port, cyber-criminals by injecting malware into the charging port system, can inject the malware into your device or your data can be transferred to the bad actors. USB cords can be exploited by cybercriminals to commit malicious activities.

Best practices: 

  • Avoid using public charging stations: Using public charging stations is not safe. It is very possible for a cybercriminal to load malware into a charging station with a USB cord. Hence It is advisable not to use public charging spots, try to make sure you charge your phone, and laptop devices in your car, at home or office so it will help you to avoid public charging stations.
  • Alternative method of charging: You can carry a power bank along with you to avoid the use of public charging stations.
  • Lock your phone: Lock your phone once connected to the charging port. Locking your device once connected to the charging station will prevent it from being able to sync or transfer data.
  • Software update: It is important to enable and use your device’s software security measures. Mobile devices have certain technical protections against such vulnerabilities and security threats. 
  • Review Settings: Disable your device’s option to automatically transfer data when a charging cable is connected. This is the default on iOS devices. Android users should disable this option in the Settings app. If your device displays a prompt asking you to “trust this computer,” it means you are connected to another device, not simply a power outlet. Deny the permission, as trusting the computer will enable data transfers to and from your device.  So when you plug your device into a USB port and a prompt appears asking permission to "share data" or “trust this computer” or “charge only,” always select “charge only.”

Conclusion:

Cybercriminals or bad actors exploit public charging stations. There have been incidents where malware was planted in the system by the use of a USB cord, During the charging process, the USB cord opens a path into your device that a cybercriminal can exploit, which means the devices can exchange data. That's called juice jacking. Hence avoid using public charging stations, our safety is in our hands and it is significantly important to give priority to best practices and stay protected in the evolving digital landscape. 

References: 

PUBLISHED ON
Oct 20, 2023
Category
TAGS
No items found.

Related Blogs