In today’s digital world, staying connected has never been more important. With smartphones, tablets and laptops becoming an essential part of our daily lives, we are constantly looking for ways to keep them charged up. Public USB charging ports seem to be an easy solution when we’re away from home or work, but the question is, are they really safe?
The answer is not a straightforward one. Unfortunately, cyber criminals have found ways to steal sensitive data via public USB charging ports, a process which is being referred to as ‘Juice Jacking’. In this blog post, we will discuss what Juice Jacking is, what can happen to your device if it’s targeted and ways to avoid falling victim to it.
What is Juice Jacking?
Juice Jacking is a type of cyber attack that occurs when you plug your device into a public USB charging port that has been tampered with. It usually results in your data being stolen or malware being installed on your mobile or laptop. These types of ports are commonly found in airports, coffee shops and shopping centres, as well as on public transport.
While public charging stations weren’t designed with malicious intent, unfortunately, hackers have identified ways to modify them for their own gain. Even the FBI is warning people not to use them: “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.”
What’s the purpose of Juice Jacking?
Once they have access to your device, the hacker will likely do one of two things:
- They’ll access your personal data and steal photos, passwords and financial information.
- They’ll install malware that allows them to monitor your online activity and even control your device remotely.
In most cases, it won’t be immediately obvious that your device has been compromised, with the most common signs being overheating, the battery dying more quickly or changes to your settings.
How Juice Jacking works
Juice jacking is carried out in one of two ways: the attacker creates a fake charging station or they tamper with a legitimate one. In regards to the former, the attacker essentially sets up their own malicious station which contains a hidden computer rather than a charger, allowing them to connect to and access your device. In terms of the latter, the attacker will tamper with the existing cable, installing a small computer chip that can intercept and steal data from your mobile or laptop.
Unfortunately, it’s fairly easy for attackers to access data, install malware or even take control of the device using these methods. This is because most mobile devices automatically grant data transfer permissions when connected to a USB charging port, without requiring any additional authentication from the user.
Ways to avoid falling victim to Juice Jacking
The best way to avoid falling victim to Juice Jacking is to avoid using public USB charging ports altogether. However, if you must use a public USB charging port, there are a few things you can do to reduce the risk:
- Use your own charging cable: Rather than using the USB cable provided with the charging port, which may have been tampered with, use your own.
- Use a USB data blocker: A USB data blocker is a small device that blocks the data transfer between your device and the charging port, giving you peace of mind that your information is safe.
- Invest in software security measures: If you do charge your device using a public USB port, make sure it’s locked. This will stop your phone or tablet from pairing with a potentially connected device on the other end of the port. You could also turn the device off completely before charging.
Two other options include:
- Use a portable charger: Portable chargers have come a long way in terms of their battery power, so if poor performance has stopped you from using one before, now may be a good time to consider investing in one.
- Use a wall charger: If there’s one available, you could also use a wall charger instead of a public USB charging port. Wall chargers are generally safer than public charging ports because they can’t easily be tampered with without having to dismantle the socket.
Juice Jacking is a real threat that can compromise the security of your device and your personal data. While it’s best to avoid using them altogether, if you can’t, it’s essential to be cautious and take necessary precautions to protect your device.
Why choose Eventura as your cybersecurity partner?
With over 20 years experience in cybersecurity, we know our stuff. Our team of cybersecurity experts can complete a full audit of your business and identify any areas of weakness, which could leave you vulnerable to cyberattacks.
We were even mentioned in the Governments National Cyber Security Centre (NCSC) Annual Review 2020 when we were chosen to test their “Exercise in a Box” designed to help small businesses prepare and respond to cyberthreats. You can read the article here.
There is a common misconception that cyberattacks don’t happen to SMEs but this couldn’t be further from the truth. With our expert knowledge, we can help you protect your business’s future from the ever increasing threat of cybercriminals.
If you would like to speak to one of our cybersecurity experts or request a cybersecurity audit, you can request a free call back here.