Home | Blog

Juice Jacking

Juice Jacking Attack

A juice jacking attack occurs when a cybercriminal exploits a public charging station or a compromised charging cable to transfer malware or gain unauthorized access to a user’s device while it is being charged. Here, “juice” refers to electric power, and “jacking” is a slang term for stealing or taking control.

A juice jacking attack takes advantage of the trust users place in public USB charging ports. Once a compromised cable or port is used, malicious software can be installed, allowing hackers to extract sensitive data, track activities, or even take control of the device. As these attacks become more sophisticated, it is crucial to understand the risks and adopt preventive measures to protect personal and financial information

Juice Jacking Attack Scenario

Have you ever heard of a juice jacking attack? We’ve all been there. The dreaded “battery level 20%” pop up on your phone. The sudden change from white to red on the top right-hand corner of the screen. Panic sets in as you start to imagine the catastrophes that would occur should the battery not last until you can charge it again. Parents’ never-ending phone calls and messages asking “Where are you?” and “Why do you leave the house without a charged phone?”. The inability to make purchases with Apple Pay. Not being able to post your gym picture on Instagram (because if you didn’t share it online, did it even really happen?), and the list goes on.

At last, you spot the charging kiosk in the distance, illuminated as if by divine light. The sweat subdues as you make your way closer and closer to the holy temple. As you finally connect the wire to your phone, you let out a long sigh of relief. All is well in the world again. The birds are singing, and the clouds are parting to let the sun stream through.

How a Juice Jacking Attack Works

But no. This is not a safe moment. Trump is president, Brexit is still occurring, and hackers are out to get you. Yes, you. That late-night burger you ordered online, or those shoes, both required something that attracts hackers. Your credit card details. And they are obtaining those details, along with other sensitive content such as personal information, through a tactic called “juice jacking”. Don’t let that alliteration fool you. Juice jacking is a real threat and just by using a free public charging spot, a cybercriminal can take complete control of your smartphone and inject malicious code. In as little as one minute, a virus can be transferred onto your device which then starts to export sensitive data and passwords directly to the attackers.

Understanding a Juice Jacking Attack

Let me bring some clarity to this confusing and earth-shattering revelation. A computer is concealed within the charging kiosk, or in the cables, that are there for you to unknowingly use. The cables are programmed to automatically pair with smartphones once they have been plugged in, allowing the rogue computer to freely access all the data on your device. All your food pics? Yes, the perpetrators can gain access to those. All your group chat banter? Yes, they’re seeing those, too, and maybe even laughing along at your jokes. But you won’t be laughing because they also have access to your bank information. And, if you “trust” the cable you have just plugged into your device, attackers can access your data long after you’ve unplugged your phone.

So, that free charging kiosk you thought would solve all your problems? It might just drain your bank account.

Can Juice Jacking Chargers Steal Data?

The type of data that hackers can steal through a juice jacking attack varies based on the attacker’s methods and the device’s vulnerabilities. When you connect your phone or other electronic device to a compromised charging station, the attacker can access and steal:

Personal Information

Hackers may attempt to steal personal information such as contact lists, emails, messages, and social media accounts. Hackers can use this information for identity theft, phishing attacks, or other malicious purposes.

Login Credentials

If you’ve saved login credentials on your device for various apps and websites, hackers can potentially steal this information. This includes usernames, passwords, and other sensitive login details.

Financial Information

Hackers might target credit card numbers, bank account information, and other financial data stored on the device. They can use this information for fraudulent transactions or to gain unauthorized access to financial accounts.

Personal Files and Documents

Hackers can also target files and documents stored on the device. This might include sensitive work-related documents, personal photos, videos, or any other type of file that you have on your device.

Location Data

Some apps and devices store location data that hackers can access. They can use this information to track your movements or target you with location-based attacks.

Device Information

Hackers might target the device itself, seeking its unique identifiers (IMEI, serial number), device model, operating system version, and other technical details. They can use this information for further attacks or sell it on the dark web.

It’s important to note that a juice jacking attack relies on the false sense of trust users place in public USB charging ports. When you connect your device to a compromised port, you’re essentially giving the attacker access to your device, which can lead to various types of data theft.

How to Prevent Juice Jacking Cyberattack?

To protect yourself, it’s best to follow preventive measures, such as using wall chargers, portable power banks, data blockers, and being cautious with public charging stations.

  • Use Trusted Charging Sources: Stick to using your own charging cables and power adapters or trusted charging stations. Avoid using public charging stations or cables from unknown sources.
  • Use USB Data Blockers: USB blockers are small devices that prevent the data pins in a USB cable from making a connection while allowing the power pins to connect. This way, only power is transferred, and data transfer is blocked.
  • Carry a Portable Charger: To avoid the need for public charging stations, carry a portable charger with you. This way, you can charge your device using your own power source.
  • Disable Data Transfer: On your device, disable data transfer when connecting to unknown or untrusted charging sources. Some devices allow you to configure USB settings to only allow charging.

Sepio’s Network and End Point Patented Technology

The Sepio platform uses innovative and patented technology focused on enhancing the security of the physical layer in the OSI Model. The OSI Model’s physical layer is fundamental for network infrastructure and actual data transmission. Sepio employs advanced visibility and control features to effectively manage risks and promptly identify potential threats to your network.

Sepio is the only company in the world to undertake physical layer fingerprinting. Unlike many other cybersecurity solutions that may neglect physical layer visibility and hardware security, Sepio concentrates on protecting against threats such as network implants, rogue devices, and malicious activities that operate at the physical layer. This includes addressing issues like spoofed peripherals, such as USB attacks and a juice jacking attack.

See every known and shadow asset. Prioritize and mitigate risks.
Talk to an expert. They will help you understand how to use Sepio’s patented technology to gain control of your asset risks.

November 1st, 2020
Jessica Amado

Jessica Amado
Head of Cyber Research

Related Posts

  •
    Network Devices

    Invisible or hidden Network Devices detection is security processes aimed to detect malicious unauthorized devices connected to a network.

  •
    Smart TV Hacking

    Smart TV hacking refers to unauthorized access and manipulation of smart television systems, which are equipped with internet connectivity.