Not a new threat per se, but it still has innocent mobile users falling into its trap. In fact, the term juice jacking was first coined in 2011 after researchers created a compromised charging kiosk to bring awareness about the threat. Various security agencies including the FBI have published advisory about USB charger scams or juice jacking. In India too, several banks including State Bank of India has warned its customers about the dangers of juice jacking.
Think twice before you plug in your phone at charging stations. Malware could find a way in and infect your phone,… https://t.co/NgMkyLwNN3
— State Bank of India (@TheOfficialSBI) 1575718671000
How juice jacking works
A USB port is often used as a medium for data transfer. On most phones, the data transfer is disabled by default, and the connection is only visible on the end that provides the power. It is a back-and-forth data transferring system, the way you can move around photos, videos or documents from one computer to another. In the case of juice jacking, the device owner is not able to see what the USB port connects to. So when the phone is plugged, if someone’s checking on the other end, they will be able to move data between your device and theirs.
Two biggest dangers of juice jacking
Data theft: When a device is plugged into the public USB port, a hacker can compromise that port to infect your plugged-in device. This could lead to stealing of the data on your mobile device. The cybercriminal can then search for financial information or other sensitive details in your device using a crawler program. This personal information can be used to impersonate you or access your financial data.
Malware installation: Cybercriminals can use malware app to clone your phone data and transfer it to their own device. This may include GPS location, purchases, photos and call logs. The hacker may also freeze your device and ask for ransom to restore it.
Tips to protect yourself against juice jacking
* Avoid public charging stations or portable wall chargers
* If you must charge your phone, use an electrical wall outlet.
* Carry and use only your personal cables.
* Use software security measures: This means always lock your phone this will ensure that it can’t pair with a connected device.
* Another idea is to switch off your device before charging it. As the USB port may then connect to the flash storage in the device.
* Choose a different method to charge your phone: These options include power banks or external batteries.
* Use USB pass-through devices: These charging-only adapters allow power to flow through but disable the data pin on the USB charger. This means that while the device charges, it won’t allow data to transfer.
Security in iPhones: Apple‘s iOS Security Guide update for iOS 12.3 defines its USB restricted mode as aiming to do the following:
“To improve security while maintaining usability, Touch ID, Face ID, or passcode entry is required to activate data connections via the Lightning, USB, or Smart Connector interface if no data connection has been established recently. This limits the attack surface against physically connected devices such as malicious chargers, while still enabling usage of other accessories within reasonable time constraints. If more than an hour has passed since the iOS device has locked or since an accessory’s data connection has been terminated, the device won’t allow any new data connections to be established until the device is unlocked. During this hour period, only data connections from accessories that have been previously connected to the device while in an unlocked state will be allowed. Attempts by an unknown accessory to open a data connection during this period will disable all accessory data connections over Lighting, USB, and Smart Connector until the device is unlocked again.”