Image by Biljana Jovanovic from Pixabay
What is Juice Jacking?
Juice jacking is a form of cyberattack in which the data on your phone is stolen, or malware is installed on your phone, tablet or any other mobile device via charging ports that double as data connection ports. This is done through a USB connection and is carried out with the use of public USB charging ports. Juice Jacker is also known as USB charger scam.
Regular USB ports should not allow data transfer from your phone since there is no computer connected to them. However, USB charging ports that allow Juice Jacking have been modified by hackers with the installation of an extra unit in the ports that all the transfer of data between your phone and the extra unit. You should also be also cautious when you sell your iPhone and make sure to do factory reset.
How is Juice Jacking carried out?
Usually, the USB cable that you use to charge your phone can also be used to transfer data between your phone and your computer. On all new Android and IOS devices, there is a prompt that lets you select whether or not you want to allow data to be transferred between your phone and your computer. However, in a USB charging port, this prompt should not come up at all since it should only be used for charging.
There are five pins in a typical USB cable, and only one is needed for charging your mobile device. The next two pins are responsible for data transfer as they stand for the +ve data pin and -ve data pin respectively. The last two pins are for ID distinction and Signal ground respectively.
When you connect to a USB port used for Juice jacking, you are likely to see the prompt to allow your device to be used for data transfer. You should note that even if you deny it the permission to allow data transfer, your phone can still be tampered with by the attacker.
What kind of damage does Juice Jacking cause?
Two things can be done on your phone when it is Juice Jacked. The first is Data Theft and the second is Malware Installation.
Data Theft: Data Theft is the most common form of attack in the case of Juice Jacking. Hackers know that your mobile device contains tons of important data such as Personal Identifiable Information (PII), passwords, pictures banking details, credit card pins and so on. This is the reason why they try to steal data from your phone.
You might wonder if it would take a long charge for them to steal that much information from you. Unfortunately, a lot of information can be stolen from you in seconds. The process of data theft can be fully automated, meaning that there doesn’t need to be a hacker on the other end of the charging port for your data to be stolen, all that is required is a connection that allows data transfer.
Malware Installation: This is the second form of attack that you might face through Juice Jacking. In this case, the attacker installs Malware on your mobile device which can then be activated later, to either monitor your activities on your device, steal data gradually or turn your device into a crypto mining server. Regardless of what reason a malware is installed, it is never good for the owner of the device. The worst thing about a malware installation is that it can be on your device for a very long time without being noticed by you.
One of the few ways in which you can tell that your mobile device is infected is if you suddenly start getting fast battery drains, start seeing apps that were not installed by you on your device or increased phone bills.
How do Hackers Juice Jack?
Everyone loves free stuff, especially when they need it desperately. Hackers take advantage of this by leaving infected USB cords hanging off USB charging ports for unsuspecting victims. Sometimes, the USB port itself can be modified to allow data transfer always.
How to Protect yourself against Juice Jacking?
There are a few ways in which you can prevent your mobile device from being juice jacked. Here are ways in which you can protect your data from Juice jacking:
Carry your USB cord: To reduce the risk of using a seemingly abandoned USB charger that is infected with malware, you should always carry your USB charger at all times to charge at public USB charging stations.
Use USB cords that don’t allow data transfer: Another way you can protect the data on your phone with a 100% guarantee is by using USB cords that only allow charging but do not allow data transfer. You can easily buy No data transfer USB online at a very low price that will cost you less than you will pay for letting your data get stolen.
Use AC Ports instead: One of the best ways to prevent your data from being Juice Jacked at a public USB charging station is by carrying your charger so you can plug into an Ac socket and charge risk-free.
Use USB condom or USB blocker: If, for some reason, you are the type that just likes to carry a single USB cable for charging and data transfer when you travel, then there is a safe way for you to charge. Make use of a USB condom or USB blocker as they are sometimes called. A USB blocker disconnects the transfer pins and only allows your USB to serve as a charging cable and nothing else.
