Since 2011, people have been talking about juice jacking and how it is possible to use public USB ports to hack smartphones or other mobile devices. The topic, which was already considered outdated, became a topic of conversation again after the FBI issued an alert in April 2023.
As smartphones started to store all kinds of data and to provide access to personal accounts, these became easy targets of cybercrime. From phishing to the installation of malware and juice jacking, there are dozens of types of cybercrime that mobile devices are subject to.
The latter is related to the existing USB gateways in public charging stations, where hackers replace cables with already compromised ones. In this way, it is possible to have access to existing information on the mobile device that is being charged.
In this article we are going to review what juice jacking is, how hackers carry out this cybercrime and how to avoid it.
Table of Contents:
The term juice jacking was introduced in 2011 by the cybersecurity company Aires Security, which demonstrated an attack during the World Hacker Conference, in Las Vegas, United States of America.
Briefly, juice jacking is the act of stealing data from a mobile phone through a USB cable – which is usually found in public spaces, such as airports or shopping malls. This security breach makes it possible to transfer data or even download malware on the mobile device.
Because it is connected to USB charging cables, this cybercrime is considered a man-in-the-middle hardware hacking. That is, someone has to replace one of the charging station’s cables with another that is compromised.
As it is known, USB cables (regardless of the type of entrance on the mobile device) are not only used for charging them: they are also used to transfer data and files to another device. These USB ports have 5 connection points, and only one of which is used to charge the mobile phone. Other points are used for data transfer.
The differences between a normal USB cable and a compromised one are minimal, so it is plausible that someone could easily connect to a hacked cable without noticing. When connecting to a damaged charging station, the phone’s data may be transferred to another device or the phone itself may become blocked.
Within the types of juice jacking, there are three that are more common in charging stations:
- Data theft – Data transfer via USB cable to another device. The longer the mobile device is connected, the greater the amount of data that will be appropriated by the hacker – it might even be possible to make a full backup.
- Malware – A virus is installed to damage data, manipulate the smartphone, or block the user outside of the it, making them lose access to any app.
- Bulk infection – the hacked USB cable may infect other cables in the public charging station, installing malware in bulk.
When public charging stations became a reality, juice jacking was not a cyberattack that brought a great outcome to cybercriminals. In those years, personal data was not worth much in the market and the cost of hacking a cable was higher. The risk of getting caught plugging a hacked cable into a charging station wasn’t worth the financial reward.
However, with the data market being evaluated in billions of dollars, the return that hackers now have is much greater. In addition, installing a tampered cable is now easier and cheaper.
Due to these factors, juice jacking is currently a greater risk for users of these public charging stations.
To avoid being a target in a juice jacking attack, the best recommendation is not to use public charging stations at all. In order to keep your cell phone charged, always carry a power bank or your usual charger. For this last one, remember to connect it only to a socket directly on the wall.
In case it is more comfortable for you to charge your phone in a public charging station, the recommendation is to use a USB Data Blocker. This “bridge” between USB cables allows you to charge the mobile phone without transferring data to other devices.
Finally, when connecting your smartphone to another device to charge it, always select the “only charge” option, so that there is no data transfer from one device to another