We all live by our electronic devices these days, and with a lot of heavy use, your cell phone could be dying when you need it the most. However, before plugging into a public USB charging station, you need to be aware of juice jacking.
Juice Jacking Definition
Hackers and identity thieves are very creative and continuously come up with new ways to get at your data and steal your money. One of those is juice jacking. If you plug your device into an unsecured electrical outlet, the cord itself or the USB port could contain malware. Once you plug into it, an attacker could infect your device with malware or a virus. They could also log your keystrokes and access your accounts. Either way, your data is left wide open for them to steal. That is juice jacking.
How Does It Work?
All electronic devices need to be charged. Airports, hotels, and even coffee shops offer USB charging stations. However, you cannot be sure these charging stations or the cords are safe. As proven by Brian Krebs at DEF CON in 2011, as soon as a user plugs into an infected USB port or cord, their phone can be openly accessed, taken over, infected, and data can be stolen. The proof of concept was duplicated again in 2013 at a Black Hat security conference where they tested a malicious strain of malware called Mactans on kiosks set up around the room.
When you plug your phone in, the USB port creates a trusted connection, and the phone assumes that whatever it is connected to is safe. However, that trusted relationship can be exploited by hackers and thieves. Because data can travel back and forth between a USB connection, it makes it more vulnerable to juice jacking.
Possible Dangers
Cybersecurity experts often warn about the dangers of connecting to public Wi-Fi; they also want the public to be aware of this additional danger. There are two serious risks you should be mindful of before plugging into any public charging station, malware and data theft.
Malware Installation
Your device could be infected with malware or, even worse, ransomware. Any type of spyware can monitor your use, clone your phone data, copy your images, log keystrokes, steal usernames and passwords and all of those things are devastating. Ransomware takes it up a notch by locking all your data while hackers demand a ransom to unlock it. Malware and ransomware are serious risks to avoid.
Information/Data Theft
Identity theft is prevalent these days and becoming a real problem for many Americans. When you plug your device into an infected charging station, you get more than you bargained for. Often hackers use apps to copy all the data off your phone; they may spy on your calls, and check out your GPS locations, purchases, or browsing history. They may install software to check for personally identifiable information (even contained in apps) like your social security number, address, email address, bank or credit card numbers, or more.
Either way, if you plug in, it's like handing the keys to your life over to a criminal.
How to Prevent Juice Jacking
Although Google and Apple have done their part by building protection against juice jacking on their devices, you cannot be too careful. You may still be at risk if specific settings on your phone are insecure. Hackers can also take advantage of a vulnerability in the OS before it is patched. Some other protections to use to keep your identity and device safe are:
- Do not use public Wi-Fi or USB charging stations anywhere. Even trusted locations could be tainted.
- Bring your own charging cord with you and use a plain wall outlet. Data cannot be stolen through a regular AC wall outlet. If you are traveling outside the U.S., be sure to bring an adapter.
- Always set your device security and privacy settings to the maximum.
- Consider investing in an external battery or quick-charge device to charge you back up until you reach your destination.
- You can also look for USB pass-through devices that allow the power to travel through to your phone but block access to data or beyond.
- Some companies also sell "juice-jack-defender" mechanisms that block data transfer and allow you to charge without worrying.
- Never borrow a charging cable or use one lying near a charging station.
- Keep all your devices up to date with security patches.
- Install and run frequently good, strong, antivirus-anti-malware software on your phone.
The best defense against juice jacking and other forms of exploitation is simple common sense. If it feels wrong, don't do it.