As you go about your day, you may find yourself in need of a quick battery boost for your phone or laptop. Public charging points are readily available at airports, hotels, cafés, and even shopping malls. However, these charging points have recently come under scrutiny after the FBI issued a warning about their potential security risks. Criminals have learned how to hijack USB ports to install malware and monitoring software onto devices as they charge – a tactic known as “juice jacking.”
Although the security risk of juice jacking was once thought to be more theoretical than real, it has now become a genuine concern due to the affordability and ease of use of the technology needed to carry out such attacks. This has led to an increase in less sophisticated criminals attempting to use the tactic.
So, how does juice jacking work? The most common charging cables, USB-C and lightning, are dual-purpose and have pins for both charging and data transfer. When you plug your device into a charging port, you only use the charging pins. However, a compromised charging port or cable left behind by someone else could use both charging and data pins without your knowledge. Criminals can then use the data pins to install malware onto your device, allowing them to gain access to your credentials and other sensitive data. Essentially, it’s like plugging your phone into someone else’s laptop.
To protect yourself from this risk, it is best to always carry your own charger and cable and plug it into a power outlet. If using a public USB port is unavoidable, investing in a USB data blocker can help prevent data transfer while still allowing your device to charge.
If you’re a business owner, it’s important to ensure that your employees and customers are aware of the risks of juice jacking and take necessary precautions to protect themselves.