Let's start with a quick question, what exactly is juice jacking?
A lot of people are not familiar with the term, but more people are familiar with the concept and just don't know the name.
So you're out and about and oh no! Your phone is nearly dead! How can you watch cat videos!?
Well you can use one of those cool free public charging points, life saver!
Hold up!
They can be a little suspicious!
Would you charge your phone at the pictured 'Cell Phone Charging Station?'
Most likely you would be suspicious because it's obvious that there is something non-standard about it.
(Side note, if you answered 'yes because I am curious' then you may want to look into Cyber Security as a career)
So this is an obvious trap, but the non-obvious ones are where the real malicious threats can lie.
What can they do?
It really depends on their imagination and permissions they can garner on your phone, it will vary largely between phone versions, OS's and permission levels that are open on a phone. But what you can end up with boils down to two main possibilities (listed with potential consequences):
Malware installed on your phone.
This could allow them access to your applications and associated passwords.
They could track your phone's GPS
They could listen in on your calls and view text messages
Your MFA text messages could be read and used to get into secure applications while you sleep.
Your camera or microphone could be activated at any time etc.
Data is copied from your phone.
Your photos and videos may be collected
Any saved data on your phone could be copied for later use
Contact details could be copied and used to construct social engineering attacks against you or your company etc.
So as you can see, plugging your phone in to get some extra power here and there can open you up to significant risk. Even if they are set up in seemingly trusted locations, if the staff do not know when it was installed or who did it - you should seriously consider the trustworthiness of the device.
What can I do then?
One option is to carry a power bank with you, this is something that you can get in varied sizes and shapes to fit your life and despite it being a little annoying to carry another device sometimes - it can be worth it if you frequently run out of power while out and about.
Another option is to get a cable that only allows charging, there are some cables that allow data and charging but these are what are used to extract data or put malware on your phone.
A third option is to purchase hardware that stops this type of attack, there are a few linked below and they allow you to charge your phone without the data connection.
Amazon.com: PortaPow USB-A to USB-C Data Blocker : Electronics
Amazon.com: OSOM Privacy Cable - Data Blocker Switch, Charge Only Mode, USB Type-C to USB Type-C, Helps Prevent Juice Jacking : Electronics
Amazon.com: USB Data Blocker -Protect Against Juice Jacking,Hack Proof 100% Guaranteed, Protection from Illegal Downloading, Any Other USB Device Charging, USB- Data Blocker (2 Red) : Electronics
1m StarTech Secure Data Blocker USB Type C Charging Cable | at Mighty Ape NZ
Summary:
Although Android and iPhone devices have apparently been hardened to this type of attack - there are always going to be security researchers both legitimate and malicious who will try to pull this off. You should not rely on the phone to protect you, use your common sense and purchase your preventative devices from legitimate shops.
As always there are no guarantees, all you can do is take all necessary steps to reduce your risk.
Comments