This is how your phone can be hacked when you juice it up at public charging stations.
We all know how important it is to keep our devices charged and ready to go at a moment’s notice. But what happens when you plug in to charge your phone at an airport or public charging station, and someone starts siphoning data from your device without you knowing? This is called “juice jacking,” and it’s a threat to our privacy.
Coined in 2011 by security journalist Brian Krebs, juice jacking is a hardware-based Man-in-the-Middle (MitM) attack where criminals use public charging stations to siphon off your files and information, monitor your keystrokes or even infect your phone with viruses or malware. In some cases, the attacker may even be able to control your device once they have access to it remotely.
Understanding a juice-jacking attack
One of the most significant uses for a USB port is to charge your electronic devices. However, there are other ways to use it, such as for data transfers. A typical USB connector has five pins; while one is needed for charging, two are reserved for data transfers. This is where someone can infect your device or steal sensitive data using the USB port. Most devices automatically disable data transfer (except devices running on older Android versions) by default. However, the hacker can enable it discreetly using off-the-shelf hardware, which can easily be installed in the charging port of a public charging station.
In 2019, the District Attorney’s Office of Los Angeles County warned the public against the risks of juice jacking. Through a public service announcement (PSA) video, Deputy District Attorney Luke Sisak suggested juicing up your phone in public charging stations at places like airports, malls and hotels could lead to it being hijacked.
In December 2019, the State Bank of India (SBI) also put out a similar warning to their customers. “Think twice before you plug in your phone at charging stations. Malware could find a way in and infect your phone, allowing hackers to steal your passwords and export your data,” SBI tweeted.
These warnings highlight the need for caution when using public charging stations. If you’re worried about becoming a victim of juice jacking, there are some steps you can take to protect yourself.
How to avoid juice jacking
Avoid public charging stations
When using a public charging station, it’s important to be alert. Don’t leave your phone unattended while plugged in, which makes it vulnerable to attack and theft. Instead, plug your phone into a traditional AC power outlet or use a power bank that you can take anywhere. Lastly, switch your phone off to prevent data from flowing (if your phone doesn’t sync when turned off).
Buy a USB data blocker
If your phone runs out of power, and the only option is to use a public charging station, you should use a USB data blocker, or “USB condom”, to prevent your devices from being infected with malware. It is a small adaptor that blocks the data flow between your device and a USB port, as it does not connect to the data pins on the cable.
Use antivirus software
It is always crucial that you install antivirus software on your devices and keep it up-to-date. Although it doesn’t completely eradicate the likelihood of your phone being hijacked, this helps block any malware installation attempts via a charging station.
As we increasingly rely on our devices, it’s important to keep them safe from juice jacking and other forms of attack. Following these tips can help protect your devices from being compromised. Remember always to be aware of your surroundings and to trust your gut if something doesn’t feel right. Stay safe out there!
- What is Data Harvesting And How to Prevent It
- Common Signs of Identity Theft: How Are Our Identities Stolen?
- What Are the Top Five Cybercrimes?
- Top Five Data Breaches By Tech Giants In Recent Years
Header image courtesy of Pexels