There are few things in everyday life that instill more panic in us than seeing the low battery indicator on our mobile phone. This is especially troubling during travel, when your mobile device might be frequently switching between cell towers and Wi-Fi hotspots and chewing up more battery than usual. To help with this problem, charging stations have graciously been made available for free in many public places. While this free charge can breathe life back into our digital existence, it can also be the point at which your device falls victim to a cyber attack called juice-jacking.
What is Juice-Jacking?
Juice-jacking happens when someone connects their mobile device to a USB charging station that has been modified not only to charge the device, but also to copy data from it, like photos and text messages, or to infect it with malware. This is possible because USB cables provide both charging and data transfer capabilities. Most people notice that when they plug a mobile device into their computer to charge it, an application pops up, as iTunes does when you plug an iPhone into a computer. This is because the computer recognizes the mobile device and is offering to back up the data from that device.
Juice-jacking is not a new form of attack, but it is still a real and growing threat. In fact, cybersecurity reporter Brian Krebs wrote about juice-jacking back in 2011 when a group of security researchers set up a charging kiosk at the DEF CON hacker conference in Las Vegas. This kiosk powered people's mobile devices but showed a warning to the users about the dangers of public charging stations.
Where are these charging stations?
Mobile device charging stations seem to be popping up all over. Some typical locations are airports, hotel rooms, conferences, sporting events/stadiums and coffee shops, but libraries and even amusement parks can have these stations to keep you powered and connected throughout the day.
How To Prevent Being A Victim Of Juice-Jacking
Not all public USB ports are malicious. However, malicious ports are more prevalent than most people think, and being ready to practice safe power hygiene at any time can greatly reduce the risk of a juice-jack attack.
Travel with your own USB power adapter. Preferably the one that came with your mobile device. This will ensure that only power is going to your mobile device.
Buy a USB data blocker (also referred to as a USB condom). This device protects against untrusted USB ports because it only allows power to pass through to the mobile device. Are you skeptical? Good! Try it out between your phone and laptop. You'll see that nothing pops up to offer a backup of your phone. There are a number of companies online that sell inexpensive data blockers. I have been happily using PortaPow for years but there are others.
Buy a data blocking cable. Again, these are inexpensive and found online. With so many people backing up mobile devices to the cloud, you may not even need a normal cable that allows data transfer anymore.
Another safe option for charging more modern mobile devices is to use a wireless charging pad since these only provide power to your device.
Don't use untrusted cables. While this example doesn't infect or steal data from a mobile device, here is a video of Kevin Mitnick demonstrating a malicious cable that can install malware on your computer when you use it to charge your phone.
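The laptop test suggested above for a USB data blocker can be made repeatable on a Linux host by comparing `lsusb` output taken with nothing attached, with the phone plugged in directly, and with the phone plugged in through the blocker. This is an added example, not part of the original article; the snapshots are constructed and `1234:abcd` is a made-up phone ID.

```python
import re
from collections import Counter

# One line of `lsusb` output: "Bus 001 Device 004: ID 1d6b:0002 Linux Foundation 2.0 root hub"
LSUSB_LINE = re.compile(r"^Bus \d+ Device \d+: ID ([0-9a-f]{4}:[0-9a-f]{4})\s*(.*)$", re.I)

def parse_lsusb(text):
    """Count devices by (vendor:product ID, description). Bus and device
    numbers are ignored because they change on every re-plug."""
    devices = Counter()
    for line in text.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if m:
            devices[(m.group(1).lower(), m.group(2).strip())] += 1
    return devices

def newly_enumerated(baseline, snapshot):
    """Devices the host sees in `snapshot` that were not in `baseline`."""
    return sorted((parse_lsusb(snapshot) - parse_lsusb(baseline)).keys())

def blocker_verdict(baseline, direct, via_blocker):
    """Compare the control run (phone plugged in directly) with the blocker run."""
    control = newly_enumerated(baseline, direct)
    if not control:
        # Without a working control (e.g. a charge-only cable) the test proves nothing.
        return "inconclusive: phone did not enumerate even without the blocker"
    leaked = [d for d in newly_enumerated(baseline, via_blocker) if d in control]
    if leaked:
        return "FAIL: data lines pass through, host sees " + leaked[0][0]
    return "PASS: blocker passes power only"

# Constructed sample snapshots; the keyboard and phone entries are invented.
BASELINE = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 1234:0001 Example Keyboard"""
DIRECT = BASELINE + "\nBus 001 Device 005: ID 1234:abcd Example Phone (MTP)"
VIA_BLOCKER = BASELINE  # nothing new appears when the blocker is in line

if __name__ == "__main__":
    print(blocker_verdict(BASELINE, DIRECT, VIA_BLOCKER))
```

On a real host, replace the three strings with the saved output of `lsusb` at each step; the phone should still show its charging indicator during the blocker run.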
While it seems unlikely that most of the public USB charging stations are malicious, any one of them could be. By being prepared and following a few simple precautionary measures, you can help ensure that your mobile device isn’t draining your personal data as your battery charges.