From the time you wake up to when you go to sleep, your phone’s battery is draining while you stream shows, listen to music, and text your friends. Your phone might get that low battery notification much earlier than you expect, while you’re away from any means to charge it. Luckily, you look around and spot a public USB charger so that you can top off your phone! It’s a total lifesaver – or is it?
Public charging kiosks can be used by hackers to attack your phones to exfiltrate data or upload malware to your device without your knowledge. The phrase “juice-jacking” was coined by Wall of Sheep, a hacking group, when they presented their proof of concept for this kind of attack at Def Con 2011. Despite its name, a USB charger can get access to more of a phone than just charging it. Ideally, these kiosks would only have the USB pins that would allow for the charge of the phone, but many leave the data pins also connected. A hacker can then start pulling personal information from your phone as soon as you plug it in. Alternatively, ransomware can be uploaded to your phone demanding payment for your phone to be unlocked.
Fortunately, this type of attack is very simple to avoid. Simply stay away from the public charging kiosks, and instead, opt to bring your own USB power adapter with you. Or, for a smaller solution, a USB condom can be purchased which will prevent any data to enter or leave your phone. Both solutions will not allow data transfer to take place while charging your device.
New Android and iPhone phones come with versions of the operating systems that will show a pop-up alert if the device they are connected to has the capability for data transfer, and will prompt the user to trust the connected device or not. Making sure that you have updated your current devices with the most recent software is another very effective way to prevent juice-jacking.
This all being said, juice-jacking is a very rare type of attack, and mostly exists in hypothetical situations and proof-of-concept demonstrations. There have been only a handful of reported cases of juice-jacking in the United States so far, and only a few of those reports have been verified. However, it is always important to be conscious and aware of the kinds of attacks that can exist to threaten you and your devices.
Author: Quinn Johnson, Tech Assistant
References
Arntz, P., Arntz, P., & Microsoft. (2019, November 21). Explained: juice jacking. Retrieved from https://blog.malwarebytes.com/explained/2019/11/explained-juice-jacking/.
Ortiz, A. (2019, November 18). Stop! Don’t Charge Your Phone This Way. Retrieved from https://www.nytimes.com/2019/11/18/technology/personaltech/usb-warning-juice-jacking.html.
Wall Of Sheep. (2011). Juice Jacking. Retrieved from https://www.wallofsheep.com/pages/juice.