In a public place, when the phone’s battery is about to take its last breath, what is the next course of action? It’s probably to get to a cafe, shopping mall, or anywhere one finds a public charging port, and plug in the phone. A non-suspecting activity, isn’t it? While the act may appear ordinary and safe, it can make one susceptible to what is called juice jacking.
What is it?
American journalist and investigative journalist Brian Krebs is credited with coining the term juice jacking. It is a security exploit in which an infected USB charging station is employed to tamper with the connected devices. It works on the fact that the connected device’s power supply passes over the same USB cable that is used to sync data.
Juice jacking first emerged during the 2011 DEF CON hacking conference. There the attendees were offered to charge their mobile devices using the free charging stations. As soon as they plugged in, a warning appeared of never trusting such free offers as this could make their devices susceptible to being compromised. Although the risk is low, the threat is real; especially at public places like cafes, malls, railway stations, airports, etc.
How it works
There are multiple ways juice jacking happens. For example, the attacker can use the USB connection to load malware onto the charging station. She can also tamper, or infect, the connection cable, and let it remain plugged in, for the unsuspecting users to plug it in their devices. Here it should be understood that a USB connector has multiple pins, such as one for charging, and another for data transfer, which allows one to transfer data while the device is getting charged. Hence, while one thinks that the mobile device is getting charged, juice jacking, meanwhile, allows attackers to get sensitive information, such as files, passwords, bank details, personal texts, etc.
Multiple types
There is no one but multiple types of juice jacking attacks, which include:
In this, the attacker installs malware onto the device, which can further lead to the manipulation of the mobile device. For example, the user can be spied upon, locked out of the device, or can lead to data theft.
Data theft is another type of juice jacking attack. Here, as the mobile device is plugged into a compromised charger, large amounts of data can be compromised. If it is plugged in for a long time, large amounts of data can be stolen.
Not just harming the plugged-in device, a compromised charger can exploit other devices too. For example, the infected cable can infect other ports and cables with the malware.
There are some malwares that can lock users out of the phone, hence, giving attackers full access to the mobile device.
While juice jacking is considered low-risk, it still remains a threat. Hence, taking a cautionary approach can help prevent it.
How to protect against juice jacking?
- While juice jacking remains a potential risk, there are ways to prevent it. Following are some of the ways:
- The easiest way is to bring your own charger instead of relying on those plugged in at the charging stations.
- Also, avoid public charging stations, especially those that you see as high-risk. Here, carrying a high-quality portable charging device, such as a power bank, can be an option.
- You can also protect your phone, using a USB condom, also called a USB data blocker. It is an adapter that only lets the device be charged, and blocks data transfer, hence, preventing any tampering.
- While charging your mobile device at a public charging station, avoid unlocking it, as it can make it vulnerable to unsolicited access.
- Also, keep your device’s software updated, as they include security features that can protect your device from juice jacking and alike attacks.
- Disable the auto-connect feature. This way, you will avoid connecting to a malicious network or device.
[ad_2]