Juice Jacking, the Threat That Travelers Need to Know About
Juice jacking is becoming a real threat for people, especially for those charging their phones using public USB outlets.
What is Juice jacking?
This so-called ‘Juice jacking’ attack involves criminals loading malware on charging stations or on cables which they leave at public kiosks so they can infect the phones and other electronic devices of unsuspecting users.
These attacks often occur at public charging stations in airports and hotels. Pluggable USB wall chargers that can be plugged into an AC socket can also be used as a channel to infect users’ phones. Once installed, the malware may lock the device or export data and passwords directly to the scammers.
The history of Juice jacking
The data security world first heard of Juice jacking at DefCon in 2011. Researchers demonstrated the attack by setting up a public charging kiosk.
The ugly face of the attack was observed in 2013 when a proof-of-concept for Mactans was introduced by researchers at the Black Hat conference. Mactans used electronics that could fit into a USB wall charger or AC adaptor to deliver iOS malware in 80 seconds. The attacked iOS device would look normal but a trojan would be launched as soon as the user opens Facebook. The researchers had used a low-cost BeagleBoard to power the device.
Video jacking is the next level
A new security buzzword: Video jacking was coined in 2016. This type of attack involves a USB charging cable recording and sending video footage from a smartphone screen once a connection with the target phone is established. This would enable the attackers to steal any personal or authentication data that might appear on the screen. This attack method can affect anyone using an HDMI-ready smartphone.
Here are some best practices for avoiding juice jacking attacks:
- Avoid using public charging stations offer USB ports
- Use your own AC charging adaptor and your own cables to plug into electrical outlets
- Don’t use somebody else’s PC for charging your mobile device
If you have any queries,please do not hesitate to contact us: firstname.lastname@example.org