How often do you use the public charging USB ports to charge your phones, tablets and other devices? Do you know that such public phone chargers can secretly install malware on your device? Yes, that’s true. Public charging ports are indeed a big help when the battery of our mobile devices are drained out, and we don’t have a charger or a power bank; but on the other hand, such ports may also steal all your data by installing a malware in your device. Public meeting places like coffee shops, offices, airport & hotel lounges, and railway stations have such public charging stations and most of us are often desperate to use them when our devices are low on power. For those who don’t know, Juice Jacking is a kind of cyber-attack is termed where a malware is installed on your device using a USB charging port, and all your data is covertly copied.
What is Juice Jacking
We know that the modern Smartphone’s use the same data cable and port for power supply as well as for data streaming. No matter you are using an Android phone, a Windows Phone or an iPhone, the cable used to charge the phone is also used to transfer the data. The public charging ports could be connected to some hidden computers which are paired to your device when you start charging it. This is how eavesdroppers get an illicit access to all your data stored in your phone during the charging process. Malicious code is then injected in your device via malicious chargers to steal the data, and this is called Juice Jacking. Once paired with a desktop computer system, your phone is accessible to the infiltrators, and all your data is at risk including your photos, contacts database, notes, music files and even the cache files. This is, however, still tolerable but the attack can really be invasive where malicious code is injected into your device which will pair your device with the hidden computer machine until you format your phone completely and reinstall the factory settings.
Simply, its an invasion of your phone / personal device while charging it from a public power charge kiosk. No matter what phone / personal device that you use, be it an iPhone, iPad, Android, Windows, or Blackberry they have one thing in common; they need power. The cable you use to do this has two purposes.
1 – to power your phone / personal device
2 – data transfer.
The twofold function of your cable allows for juice jacking during the charging process. A user can access your phone by leveraging the USB data/power cable to illegitimately access your phone’s data and/or transfer malicious code onto your phone; the device.
How does it work?
Your phone / personal device has to pair with another computer within the charging kiosk. From there your phone / personal device is vulnerable to
a) Your information such as contacts, emails, photos, notes etc can be stolen by being transferred to the ‘stealing device (malicious)’
b) Your phone can have malicious code transferred onto your phone. This malicious code can hold instructions for anything the hacker wants your phone to do.
c) While it may not be immediately evident your phone has become vulnerable, or you may never know, but the risk is that once paired to a computer, it can access your personal information wirelessly at ANY time.Phones can be compromised within seconds of being connected to an hacked charging point.
How to prevent Juice Jacking & protect your device
While the Juice Jacking is not a widespread threat, it is always better to be careful. With some of your common sense and carefulness, you can easily avoid this surreptitious attack on your devices.
Keep your devices charged– This is a very basic rule. Whenever you are going out for a long time, you should keep your devices charged completely. It is always a good idea to keep your phone on charging when you are not using it, say while working, sleeping, eating, etc.
Avoid USB Chargers- Avoid using the public chargers at the first place, and if you need to, make sure that you use the AC/DC chargers instead of a USB charger so that there is only one-way charge only connection between your device and the charger.
Carry a power bank or a charger- Most of the renowned tech brands today are making the power banks, and buying one is a very good idea to avoid any kind of nuisance or chaos created by drained out the phone. If not a power bank, do carry your own charger for sure. You can get the power outlet almost at every public place nowadays, and you can charge your devices with your own charger thereby avoiding the Juice Jacking.
Switch Off the device- If you are not carrying your own charger or a power bank and have to use the public kiosks, don’t worry. Switch off your phone and then plug it into the charging port. This will only let the power supply flow and will avoid any data transit. Remember that power supply is one-way flow and the data transfer flows two-way, so when your device is turned off, it won’t transfer any data to the hidden computer systems linked to the public charging stations. Windows Phone users could be at a disadvantage here as even if your phone is off, it will automatically switch on once you start charging.
Get a charge-only cable- There are two different kinds of USB cables available in the market. Now, not everyone really knows the difference between a charge only cable and a data cable. There is not any apparently visual clue to differentiate between the two, but you can still spot the difference by being a bit extra watchful. The USB charging cables come with two different kinds of ports- one is the charging port cable, and other is cable with combined (data+charging) ports. The Charge-only cable can never transmit the data and supplies higher current charge resulting in fast charging. In simple words, a charge-only cable is a two conductor cable, and a data cable is a four conductor cable. So using the charge-only cable in the public charging stations will certainly prevent your device from being juice jacked.
Use phone’s security features- Most the Smartphone’s today are well-equipped with security features, but we hardly use them. When you connect your phone to a USB cable, it asks for your permission to transfer the data or not. Click on Cancel when you are using a public kiosk or any other computer you don’t rely on. This will stop any kind of data transfer and only let the power supply flow.
Use USB Condom– The public charging stations usually offer the USB charging ports and cables, and it is nearly impossible to define if any of them is accessing your data or not, so it is always better to be extra careful, after all, it is about your personal data. Using USB condom is always a great idea to avoid the Juice Jacking. Many of us might not have even heard about the term ‘USB Condom’, yes this is actually what the tiny device is called, and it rather works in the same way too.
What is a USB condom and how does it work
A USB condom is a small dongle kind of device which can turn your data cable into a charge-only cable. It cuts off the connection of data transfer pins of the USB port electronically and permits only the power supply thereby preventing Juice Jacking. You just need to put the USB condom on the end of your USB data cable, and it will convert it into the charge-only cable thereby preventing any kind of data transmit while using the untrusted public charging kiosks. The term Juice Jacking is not very common and was first used by Brian Krebs on his security blog. Juice Jacking too is not that prevalent but yes it is there, and it can create a problem for your device. Thus it is always advised to be careful while charging your phone on a public kiosk.
In a nutshell, you should avoid using the public charging stations but if you have to use them in an emergency, make sure that you follow the above-mentioned tips and keep your device away from risks like data theft and malware inclusions.