Juice jacking can be a risk at public USB charging stations. Learn how it works and how to protect your devices.
If you find yourself somewhere with your smartphone battery running low, you might not think twice about plugging it into the nearest USB charging station.
But wait a minute. Warnings about juice jacking may make you reconsider.
It could be that someone has loaded malware onto the USB port or USB cable connected to one of these public charging stations. While your phone is charging, the perpetrator could infect your device with a virus or malware that could track your keystrokes and even steal your data. That's juice jacking.
Juice jacking doesn't appear to be a widespread threat yet, but it's a good idea to understand your risks and alternatives before giving your battery a boost at public charging stations like those at airports or hotels.
How juice jacking works
Whether you have an iPhone, BlackBerry, or Android device, smartphones have one thing in common: power delivery and data flow pass through the same cable.
This could be problematic. When your phone connects to another device, it pairs with that device and establishes a trust relationship. That means the devices can share information. So during the charging process, the USB cable opens a path to your device that a cybercriminal could exploit.
On most phones, data transfer is disabled by default (except on devices running older versions of Android), and the connection is only visible on the end providing power.
For example, when you connect your phone to your computer, you may see a message on your computer asking if you trust the device.
In the case of juice jacking, the owner of the device won't see what the USB port is plugged into. So when you plug in your phone, if someone is watching on the other end, they could move data between your device and theirs.
Risks to your devices and data due to juice jacking
Here are the two risks to consider:
Data theft
When a device is plugged into the public USB port, a cybercriminal could have compromised that port and allowed malware to infect your connected device. This would potentially allow someone to steal data from your mobile device.
By using a sniffer program on your device, a cybercriminal could search for personally identifiable information, account credentials, and financial information.
If the perpetrator can transfer that data to their device, it could be enough personal information to impersonate you or access your financial accounts.
Installing malware
Cybercriminals can use a malware app to clone your phone's data and transfer it to their own device. Other malware can help them collect data like your GPS location, purchases, social media interactions, and more.
How to protect yourself from juice jacking
- Avoid using public and unknown USB charging stations. Instead, it is preferable to use the original charger and cable provided by the device manufacturer.
- Use power adapters instead of connecting directly to unknown USB ports.
-
Keep your mobile device software, including the operating system and applications, up to date to ensure you have the latest protections against malware and known vulnerabilities.
-
If it is not possible to avoid using a public USB charging station, it is recommended to use a USB cable that only has power connections and not data connections. These cables, known as "charging cables," only allow power transfer and not data communication.
Our for travelers
The safest charging cable.
"Charge only" design, no data pins for transfer blocking. Protects against data theft/corruption and leak prevention while stopping spyware and malware attacks on smartphones and mobile devices.
USB PASS-THROUG
BLOCK DATA IN ANY SCENARIO WITH THIS ADAPTER
These adapters allow power to flow, but disable the data pin on the USB charger. This means that the device will charge, but data will not be transferred.
Developed in cooperation with the Danish Armed Forces
