Juice Jacking: what is it
The expression “juice jacking” refers to a computer hacking technique that involves the manipulation of public USB charging stationssuch as those present in airports, hotels or other public places, to steal user data or install malware on their mobile devices. The term derives from the combination of two English words: juice, which means «juice» or «energy», and jacking which in computer science indicates the action of stealing or taking control of a system.
In practice, cybercriminals install data logging devices on public USB charging terminals, which allow them to access data from users’ mobile devices when they are connected for charging. In some cases, these devices can also be used to install malware on users’ mobile devices, which allows criminals to control their devices or steal personal information, such as passwords and credit card numbers.
Juice Jacking: how to protect yourself
To protect yourself from juice jacking, cybersecurity experts recommend using only your own USB chargers and cables, avoiding using public USB charging stations, and using a wall outlet or portable charger instead. Alternatively, you can use a USB data-blocker adapter that prevents data access while the device is charging.
Juice jacking works similarly to other types of USB-based cyber attacks, such as infecting a computer via an infected USB flash drive. In this case, the attacker uses a malicious USB cable that hides a hacking device, such as a miniaturized computer, so he can steal data or install malware on the victim’s mobile device.
When the victim connects their mobile device to the compromised USB charging station using the malicious USB cable, the hacking device embedded in the cable starts interacting with the victim’s mobile device. For example, it might use hacking software to access data stored on your device, such as photos, text messages, banking details, or login information, or it might install malware that remains hidden on your mobile device and can be used for malicious purposes.
In some cases, the attacker could also use the USB connection to activate features on the victim’s mobile device, such as sending text messages or making calls. However, this type of attack requires a high degree of technical sophistication and knowledge of the specific vulnerabilities of the victim’s mobile device.
For protect yourself from juice jackingIt is important to avoid using public or compromised USB charging stations, use only trusted and verified USB cables, and use up-to-date antivirus software on your mobile device. Additionally, you can use a portable power bank to avoid the risk of juice jacking when you don’t have a reliable electrical outlet.
There aren’t many famous examples of juice jackingbut there have been some cases of similar attacks that used similar techniques. For example:
- In 2011, public charging stations at San Francisco airports were discovered to be installing malicious USB charging kiosks. These kiosks contained malicious software that stole personal information from users’ mobile devices.
- In 2016, a hacker used a malicious USB charging station at a security conference in Las Vegas to install malware on a victim’s mobile device.
- In 2019, the LAPD warned the public to avoid using public USB charging stations due to the risk of juice jacking.
Juice Jacking: the risk
In general, juice jacking is not a common attack because it requires physical access to the compromised USB charging station and the victim’s willingness to use public or unverified charging stations. However, cybersecurity experts continue to stress the importance of being aware of the risk of juice jacking and taking steps to protect your mobile devices.
Cyber attacks like these can seriously harm professionals. However, it is possible to safeguard your data by adopting one Cyber Risk policy. This coverage allows the insured to protect himself from cyber attacks and the resulting expenses and losses of data and confidential information. Furthermore, this coverage provides expert intervention for the recovery of lost data and decontamination from any malware. All these are services included in the Smart version, which has a maximum limit of up to €25 thousand. Lokky also offers its customers the possibility of taking out a Top version of the policy, which provides for an increase in the limit up to €250 thousand and the inclusion of numerous additional guarantees, including a daily allowance for business interruption and coverage of expenses for restoring the company’s image.
latest posts published
Lokky, the Italian data driven insurtech for professionals and SMEs
An ally for cyber security: Load Balancing
Business Trend 2023 for SMEs, professionals and commercial activities
Occupational risks for pastry shops
How to read a pay slip
What are the most common cyber risks and how to protect yourself
Clinical Risk: What it is and What are the consequences
Commercial activities most affected by theft
October is European Cyber Security Month
