Last Updated on March 18, 2021 by Calvin C.
Juice jacking is a malicious act of transferring malware into a victim’s phone via a public charging port.
In most cases, you plug in your mobile device as an emergency when your battery is dying.
These public charging ports are intended to provide convenience to the public and should only transfer power to your phone, nothing more.
However, cybercriminals tamper with the port so that once you connect your device, malicious software is transferred or your personal data is stolen.
Juice jacking hot spots
You commonly find public charging USB ports in these areas:
- Public Bus Stops
- Benefits Office
- Food Banks
- Coffee Shops
- Fast Food
History of juice jacking
This method of cyberattack was first described back in 2011 by Brian Krebs of krebsonsecurity.com, who researched on the subject.
The goal was to educate the people on dangers of using public USB charging ports.
When carrying out the research, a charging station at a kiosk was equipped with various types of charging cables to attract many people.
The kiosk had a screen that ran an Ad for free charging.
When a phone was plugged in, a message appeared on the screen warning people about the risk of juice jacking.
In a statement, Krebs said, “In the three and a half days of this year’s DefCon, at least 360 attendees plugged their smartphones
into the charging kiosk.”
One reason why people use public chargers is low-battery anxiety.
Low-battery anxiety is real and it is usually triggered by a warning that the battery is low, usually 15%.
This kind of condition leads one to more likely use a public charger, hence a higher risk of being hacked.
Coupled with focus on business of the day, the last thing on one’s mind is the possibility of a malware attack.
How juice jacking works
This is a form of hardware-based Man-In-The-Middle Attack (MitM attack).
A USB port is universally designed to be able transfer data and power so it’s not easy to tell which port has been tampered with.
A normal, legitimate charging port is modified to another version that is capable of delivering malware to any phone that is plugged in.
In some cases, it comes as a USB-based AC adaptor that is modified to deliver malware, like the Keysweeper introduced by Samy Kamkar in 2015.
Cybercriminals can also modify a USB charging cable and leave it connected as if the owner has forgotten it.
Once you plug in your phone, either malware is introduced into the device or data is stolen.
Ways to protect yourself from juice jacking
In most cases, you can’t tell if a charging port has been tampered with or not.
The best way to stay safe is to avoid public chargers altogether and charge your mobile device at home.
If you have to have to charge your phone outside your home, make sure you maintain control of every part of the charging process by using YOUR OWN:
- Charging cable
- Portable charger
Another viable option is to use a power-only USB cable that has no pins for transmitting data. With such a cable you are guaranteed that no malware is transferred to your device and your data is not stolen.
If you have no other option but to use a public charger, then you need a USB Condom.
This device acts as data blocker and when you connect a regular USB cable, no data transfer takes place.
You can order one on Amazon and protect yourself from juice jacking.
Another precaution you need to take in a public place is to be aware of the risks of using public WiFi.
These have been described in detail in an article about Pineapple attack. You can protect yourself from such a malware attack by using a VPN.
These best VPNs that we recommend are:
The first step to fighting juice jacking is to be aware that it’s there.
Cybercriminals stop at nothing to target as many victims as possible so make sure you implement the above measure to be safe.
Do you use public USB charging ports often? Leave comments below and share the post with your friends.