What is juice jacking?
We have probably all been there before: you're at a concert or a convention, then out of nowhere your phone battery begins to die, and there is no power outlet to be found. You have probably seen public charging stations at certain venues and hotels, where you can plug in your phone and charge away to get some life back into your mobile device.
But what if you innocently plug your mobile device into this charging station, it gets recharged, you head out to catch the next act or speaker, and BAM, your phone is compromised with malware or maybe even taken over through unethical hacking! Yeah, it sounds like something out of a science fiction novel, but alas it has happened and is a real threat that exists.
How does juice jacking work?
You may have noticed that when you charge your phone through the USB port of your computer or laptop, this also opens the option to move files back and forth between the two systems. That happens because a USB port is not simply a power socket. Wait, what? See, a regular USB connector has five pins, where only one is needed to charge the receiving end. Two of the others are used by default for data transfers.
Data transfer mode is disabled by default, except on devices running older Android versions, and stays off unless you go into your device's settings and manually change the option. The connection is only visible on the end that provides the power, which in the case of juice jacking is typically not the device owner. That means that anytime a user connects to a USB port for a charge, they could also be opening a pathway to move data between devices. A threat actor can take that as an opening to abuse, either to steal data or to install malware.
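To check what your own phone exposes on its default USB setting, plug it into a Linux machine you control and read the interface class codes the kernel records in sysfs. The sketch below is an added example, not from the original article; the device name `1-2`, the labels and the constructed sample tree are assumptions for illustration.

```python
import os
import tempfile

# Standard USB-IF interface class codes that carry data, not just power.
DATA_CLASSES = {
    0x02: "CDC (serial/network)",
    0x03: "HID (keyboard/mouse input)",
    0x06: "Still Image (PTP/MTP file access)",
    0x08: "Mass Storage",
    0xE0: "Wireless controller (RNDIS tethering)",
}
ADB = (0xFF, 0x42, 0x01)  # class/subclass/protocol triple used by Android Debug Bridge
FIELDS = ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol")

def exposed_interfaces(sysfs_root, device):
    """Labels of data-capable interfaces for `device` (e.g. '1-2') under sysfs_root."""
    found = set()
    for entry in os.listdir(sysfs_root):
        # Interface directories are named '<device>:<config>.<interface>'.
        if not entry.startswith(device + ":"):
            continue
        triple = []
        for field in FIELDS:
            with open(os.path.join(sysfs_root, entry, field)) as fh:
                triple.append(int(fh.read().strip(), 16))
        if tuple(triple) == ADB:
            found.add("ADB debugging")
        elif triple[0] == 0xFF:
            found.add("Vendor-specific (unidentified data protocol)")
        elif triple[0] in DATA_CLASSES:
            found.add(DATA_CLASSES[triple[0]])
    return sorted(found)

def verdict(labels):
    return "data path open: " + ", ".join(labels) if labels else "no data interface exposed"

def build_sample(root, device, triples):
    """Constructed sysfs-like tree so the example runs without hardware."""
    for i, triple in enumerate(triples):
        iface = os.path.join(root, f"{device}:1.{i}")
        os.makedirs(iface)
        for field, value in zip(FIELDS, triple):
            with open(os.path.join(iface, field), "w") as fh:
                fh.write(f"{value:02x}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root, "1-2", [(0x06, 0x01, 0x01), ADB])  # phone in file-transfer mode
        print(verdict(exposed_interfaces(root, "1-2")))
```

On real hardware, pass `/sys/bus/usb/devices` as the root and the bus-port name your phone receives when plugged in.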
The different types of juice jacking
Data theft: During the charge phase, data is stolen from the connected device.
Malware installation: When the connection is established, malware is dropped on the connected device. The malware will remain on the infected device until it is detected and removed by a user.
Data theft: the most common juice jacking method
In the first type of juice-jacking attack, cybercriminals could steal any and all data from mobile devices connected to charging stations through their USB ports. But there’s no hoodie-wearing hacker sitting behind the controls of the kiosk. So how would they get all your data from your phone to the charging station to their own servers? And if you charge for only a couple minutes, does that save you from losing everything?
So when you go to a charging station, it's not like some hoodie-wearing, Cheeto-eating hacker is going to be using a control system behind the scenes to steal data from your device. Hackers do not have to be present because data theft can be fully automated. A cybercriminal could breach an unsecured kiosk using malware, then drop an additional payload that steals information from the connected device. When the compromise happens, your phone can be searched for personally identifiable information (PII), account credentials, and banking-related or credit card data in just a few seconds. Malicious apps can also be installed on your device using Windows, iOS or Android.
Malware Installation
The other type of juice-jacking attack involves installing malware onto a user's device through the same USB connection. The intent is the same from the hacker's perspective: they place a piece of malware on your mobile device to steal data. This type of infection would not play out immediately when you take your phone off the charging station. Instead, it would be a slow process, with the malware working over time, slowly but surely nabbing information such as GPS locations, purchases, social media interactions, photos, call logs, and other ongoing processes.
There are many kinds of malware that cybercriminals could install through juice jacking, including adware, cryptominers, ransomware, spyware, and Trojans.
Cryptominers use a mobile phone's CPU/GPU to mine cryptocurrency and drain its battery; ransomware freezes the device or encrypts files for ransom; spyware allows for long-term monitoring and tracking of the target; and Trojans can hide in the background and create more vulnerabilities, allowing for more infection.
Only you can prevent juice jacking
The first and most obvious way to avoid juice jacking is to stay away from public charging stations or portable wall chargers to begin with.
If you cannot fathom the idea of not having a phone, and a battery charge is necessary to get you through the next leg of your travels, a good old-fashioned AC socket (plug and outlet) will do the trick.
There are some other non-USB options you can use, such as external batteries, wireless charging stations, and power banks, which are devices that can be charged to hold enough power for several recharges of your phone. Higher-end power banks and wireless chargers that can hold more charge can run upwards of $100, but ask yourself which is worse: paying for a good wireless charger, or having your phone compromised and running the risk of losing more and more money.
Lastly, I suggest a USB data blocker or juice-jacker defender, as they will almost always prevent an accidental data exchange. These data 'condoms' will only set you back $10-$20.
Stay safe everyone!