Open In App

Juice Jacking – Public USB charging ports are not secure

Improve
Improve
Like Article
Like
Save
Share
Report

Juice Jacking is a type of Cyber Attack which involves data theft during the charging of devices on public places. You might have seen a lot of charging ports in many public places such as Railway stations, metros and on airports. The most harmful attacking place is the airport.

Process of Juice Jacking –

Basically, in a charging port, there are 5 pins in which only single pin is responsible for charging while others are for data transfer. So what exactly happens is that when we plug in the data cable into the public USB Port, it activates all the pins so data transfer happens seamlessly and the attacker can also install some malware (spyware, viruses and Trojans) on your device which can not be removed by the user. The attacker can also track your device location.

The Wall of Sheep –

“The Wall of Sheep” was an event where this attack was demonstrated to create awareness among people as a part of the event. It is an interactive demonstration, which is a big part of ‘Defcon’ (a well known hacker convention) held each year since 2011. So what happened at the event is that, they included in the “The wall of Sheep village” (large screen displaying user names and half of their passwords representing somebody that had their login credentials stolen.), a hidden CPU which is used for notifying that the user should not plug into the “public charging kiosks”. 

In the first juice jacking kiosk, there was a screen which changes the message from “FREE CHARGING STATION” to “DON’T TRUST PUBLIC CHARGING STATION”. 
Security researcher “Kyle Osborn” released an attack named “P2P-ADB” in 2012 in which attacker’s phone is connected automatically to the victim’s device by a USB ON-THE-GO which can steal the user’s data even when the device is locked. 

A malicious tool “Mactans” affected the Apple mobile devices at 2013. There was a small sized USB Wall Charging port which was constructed using inexpensive hardware components. This software infects the iOS and masks itself in the same way as Apple masks background processes in iOS. 

Video Jacking – 
It was same as Screen Recording which means any device which is connected to the malicious charging station can track all the activity performed in the user’s screen. It can be anything like your personal photographs, financial passwords and even your social media data. 

Trust Jacking – 
In this attack, a user permits the access for a computer on an iOS device over USB so this is the trusted access level to the devices’ iTunes API which is accessible over WiFi. This gives permission for attacker to access the device even when it is removed from the malicious charging port.

Protection From Juice Jacking –

  1. Keep your devices fully charged and always carry your personal charger or power bank so that you have no need to plug in on public charging stations.
  2. Keep your device locked during charging. By locking, I mean that any pattern, password or PIN should be enabled for unlocking your device because your device can not be paired easily when the device is locked.
  3. Powering on or off works only on few devices so it is not a popular method to avoid this attack.
  4. Use special type USB cables which doesn’t enable data transfer and charging function at the same time. It is used by HTC, Google, Samsung and iPhone users.
  5. You can also use a “USB condom” which is placed between your data charging cable and USB port to prevent the data flow. USB condoms are the adapters that permits the charging functionality by stopping the data transfer. You can attach them to your charging cable as “always on” protection.

Last Updated : 29 Aug, 2022
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads