Public charging stations are ideal if your phone is low on battery. Unfortunately, research has shown that they also have the potential to be useful tools for hackers.
This is because USB charging stations can also be designed to both inject malware and steal data from anyone that uses them.
This is known as juice jacking. So how does juice jacking work and how can you protect yourself from it?
How Does Juice Jacking Work?
Juice jacking is possible because of how USB ports are designed. On a phone, they are primarily used for charging but they are equally suitable for transferring data. This means that whenever you plug your phone in to charge, you are also potentially opening the door to data transfers.
It’s considered a potential threat, not an actual threat, because most phones now ask permission before data transfers are initiated.
This means that, provided the user is paying attention, any hack would immediately be stopped. What’s not known is whether or not hackers will ever find a way around this protection.
What Happens if You Are a Victim?
Juice jacking has the potential to be used for stealing data and/or planting malware into your device.
If data is stolen, the damage obviously depends on what you have stored on your phone. Most people will have nothing more than photos and contacts.
But juice jacking could easily be used to target specific individuals who are known to possess valuable information.
Malware is a potential threat to anyone. A charging station can be programmed to inject a keylogger which will record any passwords that are entered into your phone.
Malware can also be installed to track the location of your phone or record any of your phone calls. It could even be used to lock you out of your phone altogether.
Where Did the Idea of Juice Jacking Come From?
The idea of juice jacking was first demonstrated at DEF CON in 2011. At the security conference, free charging stations were advertised. Anybody who plugged in their device was then shown a warning message explaining the dangers of public charging ports.
DEF COM is a security conference and many of the attendees are ethical hackers. Despite this fact, over 360 people plugged in their device.
Is Juice Jacking a Legitimate Threat?
Juice jacking is not something that the average person is going to come across. It’s a threat that has been demonstrated by security researchers but there has yet to be a single attack demonstrated in the wild.
In saying that, it’s worth noting that the reason security researchers demonstrate attacks such as this is that theoretical techniques often start being used eventually.
How to Prevent Juice Jacking
Juice jacking is easy to avoid. Here are four ways to charge your phone in public without risking malware.
Use Electrical Outlets Instead
This attack requires that you plug your phone in using a USB connection. It’s not possible to create a malicious electrical outlet. Carrying your own charger and using public electrical outlets is therefore a safe alternative.
Purchase a Battery Bank or Spare Battery
Battery banks and spare batteries aren’t expensive. Some power banks can be used to keep a phone topped up for over a week. These devices are obviously convenient even when you’re not trying to avoid malicious charging stations.
Lock Your Phone
If you decide to use a public charging station, make sure that your phone is locked. Provided a PIN needs to be entered to access your device, this attack should prove impossible.
Use a Charge-Only Cable
It’s possible to purchase USB cables that are charge-only. This means that they transfer power but they cannot be used to transfer potentially malicious data.
Provided you are carrying such a cable, you could use a malicious port risk-free. They are also useful if you want to charge your phone using a computer that you don’t trust.
What Is Video Jacking?
Public charging stations can also be used for video jacking. This is similar to juice jacking but instead of transferring data, this attack broadcasts whatever is on your phone screen to another device.
The idea is that, after you plug in your phone, the attacker will be able to see anything you do, such as messages and passwords. The victim will remain oblivious because the other screen could be anywhere.
This is another theoretical attack that was invented by researchers. But it does serve as one more reason to be wary about where you charge your phone.
Other Threats Posed by USB Devices
Juice jacking isn’t the only threat posed by rogue USB devices. Portable USB drives are also used extensively by hackers to target both individuals and large organizations.
The problem with USB drives is that they can be programmed to do anything. This includes installing malware, ransomware, or trojans.
A computer will also open some USB drives automatically without displaying any warning message. USB drives are cheap enough to be distributed in bulk. This means that an attacker can easily drop hundreds of them around an area and know that they will make a profit if just one of them is used.
Hackers use all sorts of reasons to convince people to try these devices. According to a 2016 study, doing so isn’t difficult either. After almost 300 devices were dropped around a campus, 48 percent of them were plugged in without anyone even being asked to try them.
Due to the prevalence of these attacks, it’s important to never use a USB device from an unknown source.
How to Protect Against Other Smartphone Hacks
The threat posed by rogue charging stations is well known. This is one of the reasons that phones now warn you before a data transfer is initiated. There are many hacking techniques, however, that smartphones do not simply stop in their tracks.
The best way to protect against traditional threats is to be very careful about what you download, what networks you connect to, and who, if anyone, you allow to use your phone.
Do you use public Wi-Fi? You’re a big target for hackers, so here’s how to protect yourself.
About The Author