Many times it happens that we are in a public place like an airport, train station or at a wedding party and our phone battery dies. It needs a charge, which is referred to as Juice here. At this time, when we get a USB charging point, we get tempted to charge our phones via USB public charging stations at these places.

These USB charging stations in public areas could be tempered by hackers who are looking for stealing your money and identity. It means attackers can take your data on a mobile device while providing a charge. This kind of cyber threat is known as Juice Jacking.

Juice Jacking is a severe risk to all smart devices which use USB port like smartphones, tablets, and laptops. In a short time, these infected charging USB port can transfer malware (a virus) on to your device, which can exploit sensitive data and password information to hackers. Be aware it might be a trap for juice jacking. A free charge can result in money theft from your bank account.

How does juice jacking work?

When you plug your device like your phone, laptop using a USB port, then it starts the charging but also gives us the option to transfer the file to and from the phone. This dual behavior is possible because a USB port is capable of data transfer and charging both. A USB connector typically has five pins, where only one pin provides charging capability, and the other two pins are for data transfer. By default, data transfer is disabled in all new android versions. In this connection, the power provider device can see the connection option and can enable data transfer between two devices.  Attackers can use this fact as vulnerability.

In Juice jacking, there are two types of threats – data theft and malware installation.

Data theft

In a juice-jacking attack, cybercriminals could steal any or all data from mobile devices connected to charging stations through their USB port using a fully automated data theft process. There are crawler programs that can search your connected device for personal identification information, account credentials, credit card data in seconds. Many malicious apps can clone some or all the data.

Malware installation

The second type of juice-jacking attack would involve installing malware on a user’s device. In this, data theft is not the end goal, though it is often part of the service of other criminal activities. If cybercriminal actors want to steal data through malware installed on a mobile device, it won’t happen upon USB connection but, instead, take place over time. This way, hackers could gather more and varied data, such as GPS locations, purchases made, social media interactions, photos, call logs, and other ongoing processes.

What are the ways to prevent Juice Jacking?

Apple’s iOS has implemented multiple security features, which includes that it does not allow the device to automatically mount as a hard drive when plugged into the USB port. Similarly, Android devices also prompt the user before allowing the device to fit as a hard drive. From Android release 4.2.2, Android has implemented a whitelist verification step to prevent attackers from accessing the Android Debug Bridge without authorization. While the above things are in place, you also need to understand below points instead of panic when your mobile battery dies –

Keep Your Cell Phones Charged: Always try to charge your device at a trusted place like your home or office.

Carry your Charger: It does not take much effort to carry a mobile charger which can be plugged to an electrical charging point while you travel.

Carry your charge backup like Power Bank: Power banks are great to meet your immediate charging requirements. A power bank having 10000mAh capacity can quickly charge your mobile for more than two times.

Switch off Your Mobile Device While Charging: If a charging kiosk is the only way to juice up your phone, ensure that you switch off the mobile device before connecting it to the charging port. When your mobile is in switched off condition, it cannot link to other devices for any data transfer.

Use charging only USB cables: You can use USB cable which does not have data wires in it (used only for charging purposes).

Use Juice jacking defender device (USB data blocker dongle):  If you are too desperate to charge using a USB option, then use a Juice jacking defender device that disables data transfer pins; hence blocks data. You can easily find these devices for 10$ on most of the e-commerce websites.

Don’t borrow charge:  Don’t use someone else’s laptop or charging device for charging your mobile device.

Also, never unlock your device if you are charging at public charging stations because most of the tools do not allow data sync while the device is locked.

How to identify if you are a victim of juice jacking?

  • A sudden increase in battery consumption or fast discharge indicates that a malicious app may be running in the background.
  • The device works slower than usual or restarts without notice
  • Mobile apps are taking a long time to load or crashing frequently.
  • The device has an excessive heating problem.
  • Device settings changes that you did not make.
  • Abnormal mobile data usage.

What to do if you think that you have been a victim of juice jacking?

If you are the victim of juice jacking, then there are few things that you can do to protect your device –

  • You should monitor your device for unusual activity
  • Remove suspicious or unused applications or files.
  • The best way is to restore your device to its factory settings
  • Install anti-virus software to scan your device and remove malware.
  • Keep your mobile device’s system software up to date. Many times app developers release patches against common types of malware.

In Summary, Chances of juice jacking attacks are very less, but why should we take a risk? Anti juice techniques are easy to use and inexpensive. Our awareness is the first and best prevention against any hacking technique, including juice jacking.