Juice Jacking – Public USB charging ports are not secure
Juice Jacking is a type of Cyber Attack which involves data theft during the charging of devices on public places. You have seen a lot of charging ports in many public places such as Railway stations, metros and on airports. The most harmful attacking place is the airport.
Process of Juice Jacking –
Basically, in a charging port, there are 5 pins in which only single pin is responsible for charging while others are for data transfer. So what exactly happens is that when we plug in the data cable into the public USB Port, it activates all the pins so data transfer can be easily operated and attacker can also install some malware (spyware, viruses and Trojans) on your device which can not be removed until the user does not own and he can also track your device location.
The Wall of Sheep –
The Wall of Sheep was an event for bringing the awareness among the people to this attack. It is brought by ‘Defcon’ (a well known hacker convention) each year since 2011. So what they did in this event, they set up at the Wall of Sheep village have included a hidden CPU which is used for notifying that the user should not plugged in the “public charging kiosks”.
In the first juice jacking kiosk, there was a screen which changes the message from “FREE CHARGING STATION” to “DON’T TRUST ON PUBLIC CHARGING STATION”.
Security researcher “Kyle Osborn” released an attack named “P2P-ADB” in 2012 in which attacker’s phone is connected automatically to the victim’s device by a USB ON-THE-GO which can steal the user’s data even when the device is locked.
A malicious tool “Mactans” affected the Apple mobile devices at 2013. There was a small sized USB Wall Charging port which was constructed using inexpensive hardware components. This software infects the iOS and masks itself in the same way as Apple masks background processes in iOS.
Video Jacking –
It was same as Screen Recording means any device which is connected to malicious charging station can be tracked all the information which is performing in the user’s screen. It can be anything like your personal photographs, financial passwords and even your social media data.
Trust Jacking –
In this attack, a user permits the access for a computer on an iOS device over USB so this is the trusted access level to the devices’ iTunes API which is accessible over WiFi. This gives the permission to attacker that he can access the device even when it is removed from the malicious charging port.
Protection From Juice Jacking –
- Keep your devices fully charged and always carry your personal charger or power bank so that you have no need to plugged in on public charging stations.
- Keep your device lock during charging. By locking, I mean that the any pattern, password or PIN should be for unlocking your device because your device can not be paired easily when the device is locked.
- Powering on or off works only on few devices so it is not a popular method for avoiding this attack.
- Use special type USB cables which has not that type of configuration which enables the data transfer and charging function at the same time. It is used by HTC, Google, Samsung and iPhone users.
- You can also use a “USB condom” which is placed between your data charging cable and USB port to prevent the data flow. USB condoms are the adapters that permits the charging functionality by stopping the data transfer. You can attach them to your charging cable as “always on” protection.