Cyber attacks and juice jaking, a phenomenon that is unfortunately increasingly expanding also due to “progress” (obviously in a negative key) techniques of data theft and creating damage to mobile devices while they are being charged in public places.
Therefore, when using public USB charging services, which are increasingly popular in stations, airports, hotels and open spaces, you need to be very careful. A hacker via the USB charging station, it can inject malware or steal data from the charging device or supply much more voltage than necessary to permanently damage it.
This type of cyber attacks has been known since 2011, when it was presented during the Defcon event with the aim of raising awareness of this technique. Since then, several models and structures of cyber attacks have been released – and potentially used – and increasingly sophisticated juice jacking.
There are no arrests of gangs of criminals who exploit this technique. This type of attack is easy to perpetrate and available to everyone, but it is geographically limited and does not allow cybercriminals to target large numbers of people.
Theft of personal data and damage to mobile devices
USB ports are very popular and can be found everywhere around us: from public transport to smart park benches, to charging stations in public areas. The fact that these ports are easily accessible can allow a hacker to tamper with internal circuits to insert a malicious hardware device using the juice jacking technique with the aim of stealing the personal data of unaware users.
In addition to data theft, the operation of the device itself may also be at risk.
USB devices normally run on 5 volts, which is safe voltage for the devices and the included battery. With the Juice Jacking technique, the hacker can increase the voltage of a compromised station with the aim of permanently damaging the devices being charged.
How to defend against juice jacking
In recent years, more and more OS-level security solutions have been implemented or independent hardware adapters have been produced for the safe use of USB power from unknown and untrusted sources. For example, both iOS and Android prevent the device from showing itself as a hard drive when connected to a USB port to prevent unauthorized access to memory and possible data theft.
In general, to avoid being hit by this type of attack, it is advisable to use only power outlets that you trust or to use external recharging batteries when you are away from home.