What is Juice Jacking?
Juice jacking is when bad actors place a corrupted USB port in a public location, such as an airport or coffee shop with the goal of an unknowing person plugging their cable into it to charge their phone. The port is then used to install malware on the device and steal personal information. In terms of implementation, this type of attack is fairly easy to execute.
Charging kiosks in the era of smartphones have become commonplace in public locations. This is another prime example of hacker using legitimate, everyday technology for nefarious intent. While the attacks thus far have not been common, it is anticipated that these sorts of attacks will increase over the next few years.
How to Protect Yourself
Situational awareness is imperative in cases such as this.
If public USB ports are your only option, be sure to inspect the port prior to plugging in a cable. If it appears off, do not use it. The Federal Communications Commission also said, “If you plug your device into a USB port and a prompt appears asking you to select ‘share data’ or ‘trust this computer’ or ‘charge only,’ [you should] always select ‘charge only.'” Experts also recommend using a USB write blocker. This prevents threat actors from passing any data over USB.
However, the safest option is to avoid public USB ports altogether. If you are anticipating that your device will need to be charged, bring your own charger and plug it in directly to a power outlet or portable charger.
Further Steps
To learn more about cyber threats facing your organization, contact Dean Dorton today.
And for more information on juice jacking, here are some helpful articles:
Traveling? This $7 gadget protects your phone from treacherous USB charging ports