A new way to steal your data is Juice Jacking. Even costly mobiles, cannot prevent your data from being stolen with so much ease. To make it happen, what one needs is just a charging station with cable, and power connectivity. Let’s reach out to its core reason. When your battery is running down and you don’t have a power outlet, you would connect your phone to any old USB port at any public place. And by this, your phone might get infected. This type of cyberattack is called, “juice jacking.” Juice jacking is technically possible. The attackers use an infected cable or charging port to extract your confidential data from the connected device or upload malware onto it. “Juice Jacking”, The term was first coined in 2011 by Brian Krebs after a proof of concept was conducted by Wall of Sheep at DEF CON. As peak vacation season is approaching, there is a public warning being issued about charging phones via USB at public charging stations like airports and hotels, as well as pluggable USB wall chargers.
Pluggable USB wall chargers are portable charging devices that can be plugged into an AC socket. However, this cyber attack has not been documented widely, other than a few unconfirmed reports on the east coast and in the Washington, DC, area. This holiday, instead of worrying about juice jacking, there are few recommendations that can be followed to prevent such issues while traveling. To avoid infecting your mobile devices at public charging points, learn about how these attacks could happen and what you can do to prevent them.
How does juice jacking work?
As you might have noticed, when you charge your phone through the USB port of your laptop or computer, this also opens up the option to move files back and forth between the two systems. Why this happens because a USB port is not simply a power socket. A regular USB connector has five pins, out of which only one is needed to charge the receiving end. By default, two others are used for data transfers. Unless changes in phone settings are not made, the data transfer mode is disabled by default, except on devices running older versions of Android. This connection is typically visible to the end that provides the power. This power providing an end is not the device owner in case of juice jacking. That means, whenever a user connects to a USB port for a charge, they also be opening up a passage to move data between devices. This pathway is used by threat actors to steal data or install malware.
Types of juice jacking
There are two ways in which Juice jacking could work. They are data theft and malware installation. In data theft, during the charging, data is stolen from the connected devices from one to another. While in the other way i.e. malware installation, as soon as the connection is established, malware is dropped into the connected device. This dropped malware remains on the device until it is removed by the user, and detected on time. In the first type of juice-jacking attack i.e in data theft, attackers could steal any amount of data either partial or full from mobile devices connected to charging stations through their USB ports. But there is no hidden hacker behind the control walls. So, one question might arise, how could they get all your data from your phone to the charging station to their servers?
And what if you charge for a few minutes only, will they still manage to get all your data or partial only. Don’t be a fool, data theft could be completely automated. Cybercriminals might drop a payload using unsecured malware that could steal whole information from the connected devices with a few couples of seconds. There are defaulters who could filter your account credentials, credit card or bank-related details in seconds. There are a number of malicious apps available that can grab one phone’s all data to another phone using a Mac computer or windows as the man in the middle. So threat actors on other attached end could get all they need with few efforts. Cybercriminals did not always target high profile users for data theft that could even fool government or other potential executives. They can sell our information on dark webs for money-making. Malware installation This second type of juice jacking attack involves installing malware onto a user’s device through the same USB connection. In this data theft is not the final goal. It often takes place in the service of other criminal activities. If threat actors were aimed to steal data through malware installed on a mobile device, it wouldn’t take place upon USB connection instead take place over time. Through this simple way, hackers could gather more and more varied data, such as purchases made, call logs, GPS locations, social media interactions, photos, and other ongoing processes.
How to prevent Juice Jacking Countermeasures which could be followed are as follows.
The Foremost obvious way to avoid juice jacking is to stay away from public charging points or portable wall chargers. If it’s damn necessary to charge, then charge in switch-off states. If you need chargers at too random points, then carry a power bank with you. While traveling, always carry the correct adapter for various powers outlet systems along your route.