When out and about there’s no doubt that you’ve experienced that desperate feeling as your phone battery edges closer to 0%. We’ve all been there. And we can probably all say that we’ve utilised public charging stations to give our phone that much needed boost. But did you know that you might be placing your device in harm’s way by doing so? Not many people do. We often associate the port on our phone as a means to charge the battery rather than a means to transfer data, but in reality, they are actually not one and the same. This is precisely the confusion that ‘juice jacking’ aims to take advantage of. We’ll be looking at precisely how to prevent juice jacking in this piece. Juice Jacking in a Nutshell Juice jacking occurs when a hacker has infected a USB port, or indeed a cable attached to a public charging station, with some form of malware or other harmful software. These most often occur at the public charging stations you find in train stations, shopping centers, airports, and anywhere else someone might require a quick charge. Just as soon as your phone is connected and charging as normal, an attacker may now be able to take control of your phone, access files, and private information, and even monitor your to obtain passwords and access to bank accounts. keystrokes How Does Juice Jacking Work? When you connect your phone, or other devices, to a computer using a USB lead, it’s usually recognized as an external device, which means it's ready to access and copy data to and from your device. USB ports are typically made up of five pins, only one of these is needed to charge the device it's plugged into. Of the other four, two are used for transferring data and the other two are used as a device presence indicator and the ground. In most cases, the phone you’re plugging in will not allow automatic data trust, and you’ll often be prompted to ask whether you trust the device you’re connecting to. If you ignore or reject the prompt, then you won’t be able to transfer to and from this host device. However, if you happen to connect your device to an infected public charger, you may not even be aware that your data is being shared to a third-party device until it's too late. In fact, statistics show that don’t know if they’ve been hacked or not. 30% of people How Can Someone Be Targeted By Juice Jacking? If you happen to use an infected charging station, there are numerous ways that you might be targeted: Data Theft One of the most typical forms of juice jacking attack involves covertly mining and exfiltrating the personal data of unwitting users simply charging their phones. This process is usually automated and will happen very quickly, which means it's very unlikely you’ll ever notice what’s happening. These days our phones revolve around everything we do in day-to-day life, which means your attackers are now likely to have access to bank accounts, contact information, emails, passwords, and a wide variety of other information. Malware Attacks If an attacker is able to take data from your phone, it, unfortunately, means they can also send data to your phone as well. This means they can , such as malware and other viruses to incur data loss, device impairment, unexpected network problems, and much more. upload malicious software Multi-Device This attack works in the same way as the previous point, but will also infect the other USB ports or cables on that same charging station. This means as soon as someone else plugs their phone into that same station, they will also be impacted by malware or other malicious software. When Am I at Risk of Juice Jacking? Anytime you plug your device into a public charging station, you’re at risk of a potential juice-jacking attack. Recent data tends to suggest these attacks are more common in airports, and other areas will have high foot traffic, such as train stations. There are a few reasons why this makes sense from a cyber attacker’s point of view: - cyber criminals require plenty of targets in order to be successful in what they’re trying to do, the more targets they have the more chance they have of succeeding. Increased targets - most travelers would consider having a fully charged phone an imperative before stepping on a plane or a train, which is why many choose to top up their batteries while waiting around. The insecurity of travel - airports and train stations are often high-stress environments, which means that people often don’t think twice before plugging their phones into the public charging station for some much-needed juice. High-stress environments How Can I Stop Juice Jacking? Don’t Use Public Charging Stations The most obvious means to prevent juice jacking attacks is to avoid public charging altogether. Unless you wish to invest in a quality power bank, then going without your phone for a while is far better than risking your personal data in a juice-jacking attack. Review Your Device Security Settings Your smartphone comes with some built-in protection against the threat of juice jacking. So if it’s absolutely imperative that you charge your phone using a public outlet, there are a few things you must do: Turn off the device option to automatically transfer data once connected to a host device. This setting is set to default on most and Android devices, but it’s certainly worth double-checking beforehand. Apple Lock your device once you’ve connected it to the charging port. This can make data transfer difficult. If you’re prompted with a “Do You Trust this Device?” pop-up, deny permission to this immediately. Turn off your phone, this prevents activating data transfer and will stop any transfer of information between devices. This might not be possible with some Apple models, which automatically switch on when enough power has been passed to the battery. Use a USB Data Blocker This is probably the best option if you’re in need of extra power. USB data blockers are small devices that look similar to USB drives - hence the name. They are easily transportable, which makes them ideal when you’re on the go, cheap, and can be purchased online from Amazon to specialized electronic stores. All you need to do is plug a charger cable into the data blocker and then connect it to your device. This creates a barrier between the public charger and your device and it will charge as normal, however, the data transfer pins within the public cable are disabled, therefore preventing the threat of data transfer. Takeaways Although juice jacking is still a relatively rare phenomenon nowadays, the threat will only increase as we continue to rely so heavily on smartphones and other devices. In this post, we’ve outlined exactly what these threats are and what you can do to avoid them altogether.
