Juice Jacking Explained. Protect your data from being stolen at public chargers.
There is a panic among several social media users and also common public regarding the usage of public charging stations for our phones. These charges are mostly placed in malls, railway stations, airports and other similar places. Many took to social media to warn others about the dangers of using public mobile chargers and warned users that they data in their phones could be stolen. Following this, there have been many warning alerts from several police departments of India and even some banks have issued a alert to its customers.
Some of the alarm bells from Public
Juice Jacking – Be careful while you’re travelling in public transport and stations. Even pinning your charger can get your data compromised. Carry a power bank with you if your battery capacity is less.
Juice Jacking – Be careful while you’re travelling in public transport and stations. Even pinning your charger can get your data compromised.
Carry a power bank with you if your battery capacity is less. pic.twitter.com/5EVin87nbD
— Vamsi (@nameisvamsi) September 23, 2022
Beware about Juice jacking if you are traveling and willing to recharge your phone at public charging station using USB. By Juice jacking your personal data and your money may get steal from your phone…
Beware about Juice jacking
if you are traveling and willing to recharge your phone at public charging station using USB.
By Juice jacking your personal data and your money may get steal from your phone… pic.twitter.com/mgvpGO4EQ8
— NITIN MEHTA (@mehta_nm_knp) September 28, 2022
Police Reaction
The Jacks of #CyberCrime install malware or surreptitiously copy sensitive data from device when it’s plugged to USB charging ports at public places. Carry your own charger, avoid portable wall chargers & if inevitable use USB data blocker.
The Jacks of #CyberCrime install malware or surreptitiously copy sensitive data from device when it’s plugged to USB charging ports at public places.
Carry your own charger, avoid portable wall chargers & if inevitable use USB data blocker.#NationalCybersecurityAwarenessMonth pic.twitter.com/MabCOsJyKT— UP POLICE (@Uppolice) October 22, 2021
Plugging electronic devices at free #USB port charging stations in Public places may install malware or copy potentially sensitive data. Don’t become the victim of juice jacking.
Plugging electronic devices at free #USB port charging stations in Public places may install malware or copy potentially sensitive data.
Don’t become the victim of juice jacking. #BeCyberSafe pic.twitter.com/iw8IO6Cs1B
— Punjab Police India (@PunjabPoliceInd) September 21, 2022
Don’t charge your mobiles at public places like mobile charging station, USB power station etc. Cyber fraudsters are trying to steal your personal information from mobile and installing the malware inside your phone.
Don’t charge your mobiles at public places like mobile charging station, USB power station etc. Cyber fraudsters are trying to steal your personal information from mobile and installing the malware inside your phone. #StayCyberSafe pic.twitter.com/CubCnYlJn7
— Odisha Police (@odisha_police) September 15, 2022
Think twice before you plug in your phone at charging stations. Malware could find a way in and infect your phone, giving hackers a way to steal your passwords and export your data.
Think twice before you plug in your phone at charging stations. Malware could find a way in and infect your phone, giving hackers a way to steal your passwords and export your data.#SBI #Malware #CyberAttack #CustomerAwareness #Cybercrime #SafeBanking #JuiceJacking pic.twitter.com/xzSMNNNv4U
— State Bank of India (@TheOfficialSBI) December 7, 2019
Juice Jacking
The act of stealing data from phones and other electronic devices through USB cables that are placed at public access chargers in various public areas is called Juice Jacking. As per this scam, there are two ways that it could be used against the users of public chargers. One way is, an infected USB cable is used to steal sensitive and personal data from the phones when connected to it. It could be our credit/debit card information, our login credentials for various sites, our photos and videos etc that are stored in the devices. The other way Juice Jacking works is to infect a malware discreetly in the phones. This malware would theoretically enable the hacker to mirror our screen or the entire phone and constantly monitor our every move.
How this works?
A public charger is set up with USB cables attached to it. These USB cables would be infected and altered to carry malware to the phone or data out from the phone discreetly without alerting the users. Typically, when an USB is connected to the phone which is connected to anything other than a wall charger, a popup appears that triggers us to answer whether we trust the device the phone is connected and also asks for our permission to enable data transfer. But using highly sophisticated hacking methods, a scammer could potentially trick the operating system (OS) in the phone into enabling data access and directly steal data from our phones without alerting the owner of the phone. In other circumstances, the same methods can be used to place the malware too. Once the device is infected and data stolen, the hacker can wipe out bank accounts, misuse photos, videos or contacts from the phone in various ways.
This works because an USB cable is capable of both charging and transferring data at the same time. In an USB cable, there are two pins separately for carrying data in and out of the devices, one separate for carrying power to the device.
Sunny Nehra who is a Cyber Security Expert, Ethical Hacker and a Malware Analyst had posted series of tweets regarding Juice Jacking. In the tweets, he had explained about how difficult it is to juice jack devices through public chargers and how much security in the phones and its operating systems have improved. He points out that for the juice jacking to work, “you will need some exploits (based on some critical flaws in OS of phone) or in fact exploit-chains (in real world scenarios) for automatically injecting & executing some #malware in it. That all being said, theoretically the Juice Jacking on mobile phones via sound cool, but in practical scenario it’s very unlikely to happen with u in real life. These #viral claims have undermined the protection we get from our mobile OS and the requirements of such attacks.”
5/ Even after debugging and enabling the Data Transfer Mode, still it won’t work that simply.
You will need some exploits (based on some critical flaws in OS of phone) or in fact exploit-chains (in real world scenarios) for automatically injecting & executing some #malware in it
— Sunny Nehra (@sunnynehrabro) September 25, 2022
6/ That all being said, theoretically the Juice Jacking on mobile phones via sound cool, but in practical scenario it’s very unlikely to happen with u in real life.
These #viral claims have undermined the protection we get from our mobile OS and the requirements of such attacks.
— Sunny Nehra (@sunnynehrabro) September 25, 2022
Looking at these tweets, it is clear that although possibility of Juice Jacking taking place is less given the difficult its complex nature, it is not impossible. There is a remote possibility of Juice Jacking actually working and harming users as not everybody has access to the latest mobile phones with latest operating systems and also hackers are always innovating to one-up the phones’ operating systems.
How to avoid Juice Jacking?
There are some ways we can avoid juice jacking and they are listed below.
- If there is need to charge when you are out in public, use your own USB charging cable and power adapter to directly connect to the wall connector or the power outlet.
- If you only have the cable but not the power adapter, use ‘USB data blocker’ adapter which cuts off data transfer pins from the cable and enables only charging.
- Update your phones to latest operating systems and make sure USB debugging is enabled in your devices and USB accessories are blocked from using phones data when the phone is locked in phone settings.
- Avoid using public chargers altogether if you can do so.
