We’ve all done it. We’re stuck in the middle of nowhere – otherwise known as an airport terminal – and our phone is about to run out of juice.
You can’t find a power outlet that someone else isn’t already hoarding.
Your only option is that public charging station ‘over there in the corner’.
But is it an option or an invitation to ‘juice jacking’?
What’s ‘juice jacking’?
Juice jacking happens when cybercriminals use publicly accessible USB charging ports or cables to:
- install malicious software on your mobile device, and/or
- steal personal data from it.
In the same way that ‘skimmers’ (card readers) plague ATM’s, cybercriminals are trying to infect your mobile devices such as smartphones and tablets while you charge them.
Juice jacking only takes 60 seconds…
Even a 60-second charge can be enough to compromise your phone’s data. That’s because USB cables allow for transmission of both power and data streams simultaneously.
You could end up being the victim of identity theft or financial fraud. Either is going to result in significant personal stress and expense.
USB charging stations are a common sight in shopping malls, airports and transport hubs, hotel lobbies and fast-food restaurants. More than 1.56 billion smartphones were sold in 2018 alone! They all need charging and sometimes run out of juice at the most inconvenient times. Charging stations have boomed as a result.
If you haven’t head of juice jacking before, it’s probably because it’s not particularly common at present. However, the risk is real enough for the Los Angeles County District Attorney’s Office to recently issue a travelers’ alert, warning of the risk.
How does it happen?
It begins with the criminals modifying the charging stations or cables in public areas allowing them to install malicious software. This software then infects the phones of unsuspecting users who subsequently plug into the tampered charger.
The software can invade, damage or even disable your phone. It can also steal or delete data and even track your data and call usage. It can then transmit that data, including your personal information, account numbers, usernames, passwords, photos, and even emails to the perpetrator.
Is there a way to tell if you’ve been juice jacked?
Unfortunately, hacked mobile devices often go undetected. But there are some warning signs that indicate your device may have been hacked. These include:
- a sudden surge in battery consumption or rapid loss of charge. That happens when a malicious app is running in the background
- the device is running noticeably slower than usual, or it reboots for no apparent reason
- apps taking a long time to load or frequently crashing
- excessive heating (from the malicious app running non-stop)
- changes to device settings that you did not make
- increased or abnormal data usage.
How can you protect devices?
The obvious way is to avoid public charging stations completely. But, of course, that’s like saying ‘cut off your arm’!
Because tampering of USB charging stations or USB cables is almost impossible for consumers like you and me to detect, here are some ‘best practice’ ways to guard against juice jacking:
When away from home or office, always carry an AC adapter and cable so that you can plugin directly to a power source.
Use a portable battery power bank. They are cheap and very portable. As a side note, never accept an offer of a power bank. It is no different to a USB charging station in terms of risk!
If you must use a charging station, use a data-blocking device such as PortaPow, SyncStop or Juice-Jack Defender. These devices physically prevent data transfer and only allow power to go through while charging
Buy a power-only USB cable like those made by PortaPow. These don’t pass any data.
If you absolutely must use a charging station, keep your phone locked while doing so. USB ports usually don’t sync data from a phone that is locked. Most mobile phone operating systems will ask your permission to give the USB port access to your phone’s data when you plug in. Decline!
What to do if you’ve been juice jacked…
If you suspect you’ve been jacked there are several things you can do to protect your device’s integrity:
- monitor your device for unusual activity
- delete suspicious apps you don’t recall installing
- restore your device to its factory settings
- install anti-virus software, such as Avast Antivirus or AVG AntiVirus
- keep your mobile device’s system software up to date. Developers continually release patches against common types of malware.
Have you ever considered the risks of simply plugging an unknown charging cable into your phone? I’m sure you will now!