What is Juice Jacking?

Public charging stations are becoming more and more common in airports, shopping malls, and libraries to offer charging services for individuals mobile devices. These stations usually come equipped with all a person needs to charge their phone including a power supply, cable, and in some cases a lock so that you can leave your phone unattended while you continue to shop, study, or eat. 

While these stations offer a certain level of convenience, it's important to ask how safe they are? Is it possible that plugging your phone up to these stations could open yourself up to attack? Juice jacking is a relatively new attack vector that could prove dangerous for individuals needing to charge in public.

Juice Jacking

"Juice Jacking" refers to a method of attack in which cyber criminals compromise a charging port on one of these public charging stations in order to steal data, install keyloggers, or inject malware into victims mobile devices. All mobile devices receive data and power via the 5 pin port, usually at the bottom of the devices. In fact, only one pin is used to supply power to the device while the other 4 are used for data transference. An example of this is when you upload pictures from your phone to a PC or laptop. You'll use the same port you use to charge the phone as you do to connect the mobile device to the computer. Usually, when establishing this connection you'll receive a notifications asking if the device you are connecting to is "trusted". 

When you connect to a public charging station, trusting the device is often not an option. Once this connection is implemented, attackers have free range to install malware or other surveillance software onto the victims device.

While not the most common attack vector, the FBI still warns against using these public charging stations in order to ensure privacy on your personal devices. The FBI offers similar guidance on its website to avoid public chargers.

Charging Alternatives

When out in public, consider alternatives to charging stations when you're in a bind and low on battery.

• Portable Charging Bank: Purchasing a portable power bank is a simple alternative to using potentially compromised USB ports. These power banks vary in size and shape, but often are small enough to fit in a pocket or bag.
• Standard Wall Outlets: Standard AC wall outlets are considerably more secure than public USB ports. Since AC outlets only provide power and can't transfer data they offer a simple and secure charging solution while out in public.
• USB Pass Through Devices: A USB pass through device acts as an adapter to ensure that when plugging into a public charging stations no data is being sent either way across the wire. You can enjoy the benefits of charging without the security risk.

Make sure that when your out in public you're keeping security in the back of your mind. Protecting yourself at home and in public are equally important!

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.