What’s juice jacking?
While newer phones have ditched the cable charger and moved on to wireless charging, older models still rely on power cords to transmit power to the mobile device. The problem with this setup is that the cable used for charging can also be used for transferring data. This setup is easily exploitable, and trust opportunists to do just that. When you use a public cable, they gain user access by leveraging the USB data/power cable to illegitimately access your phone’s data and/or inject malicious code into your device.
Attacks can be an invasion of privacy: your phone pairs with a computer concealed within the charging kiosk, and information such as private photos and contact information are transferred to a malicious computer. The computer can then access a host of personal information on the device, including your address book, notes, photos, music, SMS database, and keyboard cache. It can even initiate a full backup of your phone, all of which can be accessed wirelessly anytime.
But attacks can also be in the form of malicious code directly injected into your phone. A public USB hub can be used to transmit malware-ridden programs or tracking applications to the user’s mobile phone. All it takes is one minute of being plugged into a harmful charger.
How to avoid juice jacking
The most effective precaution is simply not charging your phone using a third-party system. Here are some tips to help you avoid using a public kiosk charger:
- Keep your battery full. Make it a habit to charge your phone at your home and office when you are not actively using it or are just sitting at your desk working. When unexpected circumstances happen and you get stuck outside, your phone has juice.
- Carry a personal charger. Chargers have become very small and portable, from USB cables to power banks. Always have one in your bag so you can charge your phone securely from a power outlet or on the go using a power bank.
- If possible, carry a backup battery. If you’re not keen on bringing a spare charger or power bank, you can opt to carry a spare battery if your device has a removable battery, or a battery case (a phone case that doubles as a battery).
- Lock your phone. Without the proper PIN code, fingerprint scan, or face ID, your phone cannot be paired with the device it’s connected to.
- Use power-only USB cables. These cables are missing the two wires necessary for data transmission and have only the two wires for power transmission. They will charge your device, but data transfer is impossible.
Technology threats are all around us. Even the tiniest detail like charging your phone at a kiosk charger could affect the security of your device.
Looking to learn more about today’s security and threats? Contact us today and see how we can help.