top of page
  • Writer's pictureCSNP

Juice Jacking

Author Chris Thomas


Juice jacking is an exploit used to compromise a charging station to infiltrate devices that connect to it. Hackers can load malware on devices via the connection cable. This is known as a man in the middle attack; it is illustrated by the attacker intercepting communication unbeknownst to the user. The attackers sit in between users and the authorized host. Once the attacker has access, they can use it for malicious purposes, stealing login credentials and personal information. In 2011, at DefCon, researchers from Aries Security introduced the cyber security world to juice jacking. They set up a charging station at the event as a demonstration of the applicability of juice jacking. They offered free charging for cell phones, but when they used the charging station, the screen prompted a warning message not to trust the station, but it also informed them that it's a safe charging station. This helped ease the user, but it also informed them of the possibility of malware and malicious software. At least 360 users used the charging station at the event. Apple and Android reacted to these findings and updated their operation systems to inform users with a prompt with different options, such as charging only or file transfer. In addition, the researchers notice that when the phone is turned completely off when charging, it doesn't expose the user to the transfer of data. A year later, Kyle Osborn, a security researcher, explained an attack called Phone to Phone Android Debug Bridge (P2P-AD). This involves using a cable that connects two Android phones. The first Android phone would send attack commands to the second Android phone. This attack would be able to steal authentication keys to access Google accounts. In 2013, during a Black Hat Conference in Las Vegas, Georgia Tech researchers used a Mactans charger. This wall charger is for Apple iPhones and iPads and would afflict malware on any device running any version of iOS in under two minutes. This can be achieved because devices charge their sync cables. The Aries Security group was able to make another breakthrough in 2016, when they were able to demonstrate the ability to mirror smartphones on another monitor. This is called video jacking; it uses a USB charging cable that would send and record video from one smartphone to another. Types of Juice Jacking Attacks

  1. Malware Installation: Malware is installed on the device, inducing many issues such as spoofing, stealing information, capturing data, and stealing passwords.

  2. Multi-device Attack: It infects the device that is attached to the compromised charger. Also, it can corrupt other cables and ports as an unrecognized carrier of the virus.

  3. Disabling Attack: It can prevent users from accessing their devices and data.

  4. Data Theft: misappropriation of banking passwords, email passwords, and other sensitive information.

The FBI and Federal Communications Commission (FCC) have warned the public of the dangers and risks of juice jacking. This threat is seen at airports, hotels, malls, and public places that provide free charging stations for devices. Be aware of "free" cables; they may be infected with malware. Cybersecurity experts stated that the probability of juice jacking would be higher if use is a target of nation-state hackers. The risk of juice jacking is lower than that of other attacks, but it can still evolve into something more sinister. It is good to have the knowledge to be aware and to know how to protect yourself from potential threats. During the holiday season, travel increases. Take precautions by locking all items and keeping a watchful eye on your items at all times. If you have electronics, don't store them in your outer pockets. Ways to prevent juice jacking

  • One of the easiest ways is to use a portal charger to replenish a battery. Make sure the portal charger is fully charged.

  • You can use an outlet plug and your cable. If there are open wall sockets, it's possible to use your own charger. Just a reminder: don't forget to remove it from the socket when you're done.

  • If you must use a charging station, you can use USB data blockers to prevent unauthorized access to your phone's data while it charges. This will block apps from accessing your phone and retrieving sensitive data.

  • The majority of the phones prompt the users to "allow access to your data” or accept “file transfer". You can deny data transfer access from the untrusted device, and it will only charge.

  • Keep the devices up to date with the latest software updates, patches, and security updates.

Wireless charging has been emerging on more devices. It allows the device to charge without physically connecting to a cable. Without the use of a cable, it eliminates the possibility of data transfer. Some airports offer wireless charging devices to the public; the charging time may be slower, but it increases the security of the data.

Your phone is an important aspect of your everyday life; take precautions to protect yourself and your data.

39 views0 comments

Comments


bottom of page