Public charging stations are ideal if your phone’s battery is low. Unfortunately, research has shown that they also have the potential to be useful tools for hackers.
That’s because USB charging stations can also be designed to inject malware and steal data from anyone who uses them.
This is known as juice jacking. So how does juice jacking work and how can you protect yourself from it?
How does juice jacking work?
Juice jacking is possible because of how the USB ports are designed. On a phone, they are mainly used for charging but they are equally well suited for transferring data. This means that whenever you plug your phone in to charge, you’re potentially opening the door to data transfer as well.
This is considered a potential threat, not a real threat, as most phones now ask for permission before data transfer can begin.
This means that, if the user is paying attention, any hack will be stopped immediately. It is not known whether hackers will ever be able to find a way around this protection.
What happens if you are a victim?
Juice jacking has the potential to be used to steal data and/or install malware on your device.
If the data is stolen, the damage obviously depends on what you have stored in your phone. Most people will have nothing but photos and contacts.
But juice jacking can easily be used to target specific individuals who are known to possess valuable information.
Malware is a potential threat to anyone. A charging station can be programmed to have a keylogger that will record any passwords you enter on your phone.
Malware can also be installed to track your phone’s location or record any of your phone calls. It can also be used to completely lock you out of your phone.
Where did the idea for juice jacking come from?
The idea of juice jacking was first demonstrated at DEF CON in 2011. At the safety convention, free charging stations were advertised. Anyone who plugged in their device was shown a warning message explaining the dangers of public charging ports.
DEF COM is a security convention and many of those who attend are ethical hackers. Despite this fact, more than 360 people plugged in their devices.
Is Juice Jacking a Legitimate Threat?
Juice jacking is not something that the average person is going to come across. This is a threat that has been demonstrated by security researchers but has not yet demonstrated a single attack in the wild.
In saying that, it’s worth noting that the reason security researchers demonstrate such attacks is because theoretical techniques often eventually begin to be used.
how to stop juice jacking
Juice jacking is easy to avoid. Here are four ways to charge your phone in public without risking malware.
Use an Electrical Outlet Instead
This attack requires that you have your phone plugged in using a USB connection. It is not possible to make a malicious electrical outlet. So a safer option is to carry your own charger and use public electrical outlets.
buy a battery bank or spare battery
Battery banks and spare batteries are not expensive. Some power banks can be used to keep the phone on top for more than a week. These devices are clearly convenient even when you’re not trying to evade malicious charging stations.
lock your phone
If you decide to use a public charging station, make sure your phone is locked. Provided that accessing your device requires entering a PIN, this attack should prove impossible.
Use a charge-only cable
It is possible to buy USB cables that are charge only. This means they transfer power but cannot be used to transfer potentially malicious data.
Provided you are carrying such a cable, you can use a malicious port risk-free. They’re also useful if you want to charge your phone using a computer you don’t trust.
What is video jacking?
Public charging stations can also be used for video jacking. It is similar to juice jacking but instead of transferring data, this attack transmits whatever is on your phone’s screen to another device.
The idea is that, after you plug in your phone, the attacker will be able to see anything you do, such as messages and passwords. The victim will remain oblivious as the second screen can be anywhere.
This is another theoretical attack invented by the researchers. But it’s another reason to be careful where you charge your phone.
Other threats posed by USB devices
Juice jacking isn’t the only threat posed by rogue USB devices. Portable USB drives are used extensively by hackers to target both individuals and large organizations.
The problem with USB drives is that they can be programmed to do just about anything. This includes installing malware, ransomware, or Trojans.
A computer will also automatically open some USB drives without displaying any warning messages. USB drives are cheap enough to be distributed in bulk. This means that an attacker can easily drop hundreds of them around an area and know they will make a profit if just one of them is used.
Hackers use all kinds of reasons to persuade people to try these tools. According to a 2016 study, it’s not even that difficult to do. After nearly 300 devices were dropped around a campus, 48 percent of them were plugged in without even trying.
Due to the prevalence of these attacks, it is important to never use a USB device from an unknown source.
How to protect against other smartphone hacks
The danger posed by rogue charging stations is well known. This is one reason why phones now warn you before data transfer begins. There are so many hacking techniques, however, that smartphones simply don’t stop in their tracks.
The best way to guard against traditional threats is to be very careful about what you download, what networks you connect to and who, if any, you allow to use your phone.
Do you use public Wi-Fi? You are a big target for hackers, so here’s how to protect yourself.
About the Author