Have you ever wondered if your data is protected in public places when our phones are drained, we seek help at public stations by just plugging into the USB ports that fit in and it’s done? Maybe, yes, we all have done it at some point of time in life. But do you know you could have been the victim of a juice jacking attack, and you will probably not become aware of the attack and that you are a victim of such a crime?
Charging is more commonly associated with electricity than with data. When you connect your phone to a USB port, however, it can technically transfer both electricity and data. And if it can transfer data, it can steal your personal information and install malware on your device.

What is juice jacking?

A USB charging station that has been infected can be used to corrupt linked devices in a security exploit known as “juice jacking.” The vulnerability uses the fact that a mobile device’s power source runs over the same USB cable linked to another device to sync data.
Airports, shopping centers, and other public locations that offer free mobile device charging stations face a massive security risk from juice-jacking vulnerabilities. The danger of falling prey to a juice jacking trap is currently considered to be low, although the attack vector is real and frequently contrasted with ATM card skimming threats from earlier years. Both card skimming and juice jacking depend on the end user believing that the compromised gadget/device is secure. Juice jacking does not yet appear to be a widespread threat, but it’s still a threat that can lead to massive cyber-attacks on an individual as well as organizations, hence it is pertinent to understand your risks and alternatives before leaving public places like airports or hotels.

How does juice jacking work?

We all use phones and gadgets, like I-phones, smartphones, Android, devices: and smartwatches to simplify our lives. But one thing common in it, is the charging cables or USB port, as the data and power supply pass through the same port/cable.

This is potentially a problem with devastating consequences. When your phone connects to another device, it pairs with that device (ports/cables) and establishes a trusted relationship. That means the devices can exchange data. During the charging process, the USB cord opens a path into your device that a cybercriminal can exploit.
There is a default setting in the phones where data transfer is disabled, and the connections which provide the power are visible at the end. For example, in the latest models, when you plug your device into a new port or a computer, a question is pooped asking whether the device is trusted or not. The device owner cannot see what the USB port connects to in case of juice jacking. So, if you plug in your phone and someone checks on the other end, they may be able to transfer data between your device and theirs thus leading to a data breach.

A leading airline was recently hacked into which caused delayed flights across the country. When investigated it was found that malware was planted in the system by the use of a USB port, which in turn allowed the hackers access to critical data in order to launch their malware attack.

The risk involved in juice jacking:

There are two major risks involved in juice jacking: Data theft &Malware installation
Data Theft:Once you plug into the public data port, the port could have been compromised by cybercriminals, the port may be infected with malware, which could potentially enable someone to steal data from your cell phones to theirs, the bad actors can steal your personal data, financial data making it easy for them to execute impersonation attacks.
Juice jacking could cause both financial and personal loss without knowing that you are a victim of such a crime.

Malware installation: Malware apps are used by cybercriminals to clone your phone data to their device; these could help them to gather information such as GPS history and footprints, your e-commerce history, banking details, etc.
Some types of malware include Trojans, adware, spyware, crypto-miners, etc. Once this malware is injected into your device, it’s easy for cybercriminals to extort a ransom to restore the information they have unauthorized access to.

Tips to protect yourself from juice jacking

There are a few simple and effective tips to keep your smart devices smart
Avoid using public charging stations: – The best way to protect yourself and your devices is to avoid public charging stations it’s always a good habit to charge your phones in your car, at home, and in offices when not in use.

Using a wall outlet is a safe option: -if it’s too urgent for you to use a public station, then try to use wall outlets rather than poles because data can’t get easily transferred.

Use other methods/modes of charging: – If you are traveling it’s always safe to carry a power bank, they are easy to carry.

Software security: – It’s always advised to regularly update your phone’s software. Once connected to the charging station, lock your device. This will prevent it from syncing or transferring data.
You can also power off your device before charging it. However, many mobile phones (including an iPhone) turn on automatically when connected to power. As a result, your mileage may vary. This is an effective safeguard if your phone does not turn on automatically when connected to power.

Conclusion:

To sum up, we can say that juice-jacking attacks are less frequent. While not the most common type of attack today, the number of occurrences is expected to rise as our smartphone gadget usage grows. Our cyber safety and security are in our hands and hence protecting them is our paramount digital duty, although one sees no harm in charging ports, it doesn’t mean it’s not harmful. With the increased use of ports such crimes will happen and evolve hence it is essential to counter these attacks now by sharing knowledge and awareness of such crimes and reporting the same to competent authorities to eradicate the menace of cybercriminals from our digital ecosystem.

Author: Ms. Tanushree Saxena, Trainer, CyberPeace Foundation

Leave a Reply

About Cyber Peace Corps

Address: B-55 MIG, Ranchi Jharkhand, India
Phone: (+91) 82350 58865
Email[email protected]