A security vulnerability in which an infected USB charging station is used to compromise linked devices is known as juice jacking. The flaw takes advantage of the fact that a mobile device’s power is delivered over the same USB cable that is used to transfer data. But people are probably unaware of this that when they are also charging it from the charging port, at the same time it also copies the data from the phone or installs malware. This technique of data theft is called a “juice jacking” fraud.
Through this, data is copied from smartphones, tablets, or computer devices in such a way that it is not even noticed. People frequently charge their devices through charging ports located in areas such as cafes, metro stations, railway stations, and airports. But this method of charging can be harmful. Cybercrooks can use ‘Juice Jacking’ to not only transfer data from your phone but also to wipe your bank account. The number of cases of juice jacking fraud is steadily increasing.
How does Juice Jacking work?
The USB port is frequently utilized as a data transfer medium. When users charge their devices with a USB cable, they may be able to transfer files across devices. For this hackers often use off-the-shelf hardware which is easily installed in the charging port of public charging board. It was created with the sole intention of breaching security and gaining access to information about linked devices. You are completely unaware that your data has been stolen using this method. The data includes all the files from the phone’s contact list, photo gallery to WhatsApp chat, etc.
What could be the harm?
SBI has issued a Twitter warning to the public about this dangerous smartphone malware. Before you connect your phone to a charging station, think carefully. Malware can enter your phone in a variety of ways. After then, hackers can export the data as well as steal the phone’s password. Not only this, but the Los Angeles County District Office of the US also issued a video warning about the USB charging scam. In the video, the Deputy District Attorney had said that a free charger can destroy your bank account.
Types of Juice Jacking Attacks
1. Data theft
Juice jacking can lead to data theft of connected devices. Hackers can search your phone for personally identifiable information i.e. personally identifiable information, account credentials, banking-related data, credit card data, etc. These hackers have the ability to copy all the information on their devices. Nowadays there are many such apps that clone all the data from your phone to another phone.
2. Malware installation
Once the connection is established, the malware is automatically installed on the connected device. Malware remains on the device until it is detected and removed by the users. There are several categories of malware that cybercriminals can install through juice jacking including adware, crypto miner, ransomware, spyware, or even Trojans.
3. Multi-device attack
A multi-device attack is a method of attacking multiple devices at the same time. A device charged by infected cables may infect additional cables and ports with the same malware as an unwitting carrier of the virus, in addition to hurting the device plugged into a corrupted charger.
An attack that renders you helpless. Some virus that is downloaded via a charging device might lock the user out of their gadget, giving the hacker complete control.
This can be avoided
- The best way to avoid juice jacking fraud is to avoid charging your device from the charging port available in public places. If the phone needs to be charged immediately, do not use the USB cable of the charging kiosk to make your charger happy electronically.
- When you are traveling, you can carry a power bank. This prevents the need to charge at public ports. Note that even high-security areas like airports aren’t always secure.
- Everywhere should be alert. Although hacked USB ports are less possible in high-security places, there’s no guarantee that airport charging kiosks haven’t been tampered with, as juice jacked chargers are common can be rapidly installed which is difficult to detect later.
- Most of the juice jacking fraud is done using phone cables. As a result, avoid purchasing low-cost cables, as they may prove to be costly in the future.
- Do not jailbreak your operating system, as it can make your device vulnerable. Avoid installing pirated software or media as there is a possibility of a virus coming from it.
Remember that antivirus can provide extra protection but it won’t be useful when it comes to juice jacking however if cybercriminals try to install malware then antivirus can block apps. So next time when you travel definitely take your power bank and charger with you.