When you’re stuck with a dying smartphone battery, you may not think twice about plugging into the nearest USB charging station. There are kiosks at the mall or at the airport, complete with USB ports ready for use next to the outlet for you to plug in your charging cable. Not so fast. Warnings of juice jacking may cause you to reconsider.
Juice jacking: What is it and how can you avoid it?
If you’re lucky, they’ll also have the charging cables ready for your phone’s charging port. For those with a tiny sliver of battery left and a long waiting time to waste, these may seem like fantastically generous perks and a ray of life for your almost dying smartphone. But think about it for a minute. This is your smartphone. There haven’t been any recent reports of an actual case of so-called “juice jacking” but it exists.
Juice jacking does not yet seem to be a significant threat, and it’s always a good idea to avoid potential risks and alternatives before boosting the battery at public charging stations, such as airports, malls, or even hotels.
What is juice jacking?
Juice jacking is a type of cyber-attack involving a charging port that doubles as a data connection, typically over USB. This could be that someone loaded malware on a USB port or on a USB cable connecting to one of these public charging stations. While your phone is charging, the attacker might be able to infect your smartphone with a virus or malware that could track your keystrokes or even steal your data.
That’s juice jacking.
The idea has been demonstrated by security analysts in the last decade. A demonstration showed that the device could be hijacked by a USB charging station in disguise. And, like skimming a credit card, most hacking or unauthorized smartphone access goes undetected.
So, yes, juice jacking is real.
How does juice jacking happen?
Whether you’ve got an iPhone, BlackBerry, or an Android phone, smartphones have one thing in common: power supply and data stream from the same cable.
This could spell trouble. When your phone connects to another device, it pairs to that device and establishes a relationship of trust. This implies that the apps could share data. So, during the charging process, the USB cord opens a path to your device that can be used by malicious hackers.
On most phones, the data transfer is disabled by default (with the exception of devices running older Android versions) and the link is only available on the power-providing end.
For example, when you plug your phone into your computer, a message on your computer may ask you to trust your device.
In the case of juice jacking, the phone owner could not see what the USB port is connected to. So if you plug in your phone, if anyone checks on the other end, they can be able to access the data between your phone and theirs.
How vulnerable is my phone?
The good news is that mobile phone developers have been working on a solution, and phones have become more stable. As you’ve undoubtedly noticed, Apple devices like your iPhone and your iPad are now giving you “Trust this computer?” dialogue if you connect your phone to a new machine or gadget. In theory, if you say, “Don’t trust,” whichever device that you are connecting to shouldn’t have access to your data. Android phones have similar security and authentication features as well.
If you plug in a charging station that is power-only (like when you plug in the wall with your AC adapter), then you shouldn’t be prompted with “Trust this computer”. If you plug in a public charging station and get that message, it’s a big red flag. Unplug your phone and let the others around you know that there is something wrong.
How do you avoid juice jacking?
Just because potential attacks can be launched over a hacked public charging station doesn’t mean you’re going to have to give up on comfort. Besides keeping an eye out for the “Trust this computer?” There are other steps that you can take. It’s also safer to have layers of protection — clever hackers can override the trusted system authentication.
There are a few ways you could still safely charge your phone in public1
1) Avoid plugging in your device to public USB ports. These ports are the usual targets for attackers to take advantage of. Instead, find a power outlet where you can charge your phone.
2) Bring your own charger. Make it a habit of bringing your own charger so you can be sure that you’re only getting power out of it.
3) Get a power-only USB cable. Consider replacing your USB connecter with one that only transmits power when you charge your device. Cords that can transmit both power and data are more vulnerable to cyber-attacks.
If you are careful, you can reduce your vulnerability dramatically. Not only that, some of the solutions — such as a fast-charging cable or a portable power bank — are useful for more than one reason.
Your best defense against juice jacking is to understand the risks. Keep your device charged at all times, plug in a backup power bank, enable any security features on your device provided by the manufacturer, and consider using a USB pass-through device.
ALSO READ: Email-based Cyber Attacks continue to target users in the Philippines
CIMB Bank, one of the Top 5 largest banks in ASEAN present in over 15 global markets, has extended its reach in 2018 by providing Filipinos a whole new banking experience. CIMB Bank Philippines Inc. is an all-digital mobile bank headquartered in Bonifacio Global City, Metro Manila, Philippines.
CIMB Bank Philippines offers 24/7 safe and secure banking, seamless bank account opening in 10 minutes, one of the best in market rates for savings, no initial deposit or maintaining balance requirements, zero transaction fees, and convenient deposit and withdrawal locations, all done through the CIMB Bank PH app.
GSave is the first-ever bank account that you can open and maintain straight from the GCash app.
The collaboration between CIMB Bank and GCash has given birth to the country’s first-ever bank account that can be opened and maintained straight from the GCash app!
No initial deposit, no maintaining balance, no lock-in period, and no-hassle in moving funds to and from your GCash wallet. Experience 24/7 safe and secure all-digital banking with the CIMB Bank PH App via GSave today.
Register with GCash now and open your new GSave banking account powered by CIMB Bank.
- The safety tips featured on this blog post are presented to us by CIMB Bank, one of the Top 5 largest banks in ASEAN present in over 15 global markets. Visit www.cimbbank.com.ph to know more about their products and services.