What is Juice Jacking and how to prevent it & protect your smartphone

Public charging spots are a boon to many heavy-duty smartphone users but they can also be a bane. Most of you don’t know that such free public phone chargers can secretly install malware on your device. Public charging ports are indeed a big help when the battery of our mobile devices are drained out, and we don’t have a charger or a power bank; but on the other hand, such ports may also steal all your data by installing a malware in your device.

Public meeting places like coffee shops, offices, airport & hotel lounges, and railway stations have such public charging stations and most of us are often desperate to use them when our devices are low on power. This is where a new cyber attack vector called Juice Jacking comes into play.

For those who don’t know, Juice Jacking cyber-attack involves using a free public smartphone charging terminal for installing a malware on your device using a USB charging port and copying all your data covertly.

Juice Jacking is one of the most underrated security threats around but it is serious nonetheless. A cybercriminal can use free public charging spots to take complete control of your smartphone and inject malicious code. The tech required to compromise a public USB charging port is easily available and many innocent users are often fooled into getting malware installed on their smartphones.

The race to make lightweight and thinner smartphones mean most smartphones manufacturers compromise with the battery capacity. Early phones from Nokia and Motorola used to last for a week but the current crop of smartphones can hardly last through the day. This leaves such smartphone users scurrying for available charging points. To solve such problem, authorities have installed USB charging ports at public places. While they might seem like a blessing, they bring along a hidden threat and plugging your smartphone to a compromised USB port or charger can infect your device with malware. Such USB charging cords are easily seen in places like airports, parks, conference centers, waiting rooms, etc.

The term Juice Jacking was coined back in 2011 to describe such cyber attacks. Juice Jacking allows hackers to inject malware into any smartphone using free charging spots as they use USB ports which make it easier to transfer power and data over the same cable. As said above, the exploit to achieve this is easily available.

To bring this threat into the limelight and educate the attendees, at DefCon 2011, security researchers built such charging kiosks. When no device was connected, the LCD fitted into the charging station showed “Free Cell Phone Charging Kiosk.” However, when someone plugged in a device, the researchers proceeded to prove how such charging stations can be used to inject malware.

How to protect your smartphone from getting Juice Jacked?

The solution to protecting your smartphone from juice jacking is simple and requires the presence of mind more than tech knowledge.

  • First and foremost, it is a good idea to carry a power bank or extra battery. This is the safest and most convenient solution.
  • Another solution is to avoid USB charging at public spots and search for an electrical outlet. Electrical outlets don’t allow data to be transferred so you will be safe from malware.
  • In a situation where you have no choice but to charge with public charging USB port, you can power off the device completely and then plug it in. Powering the smartphone off doesn’t allow transfer of data.

Are you looking for more insights? See:

OODA LLC – Technology Due Diligence – CTO as a service – CISO as a Service