Sepio | Blog

Juice Jacking

Juice Jacking

Juice jacking is a type of cyber attack that involves using a public charging station or a compromised charging cable to transfer malware or gain unauthorized access to a user’s device while it is being charged. The term “juice” refers to electric power, and “jacking” is a slang term for stealing or taking control.

Juice Jacking

Have you ever heard of juice jacking? We’ve all been there. The dreaded “battery level 20%” pop up on your phone. The sudden change from white to red on the top right-hand corner of the screen. Panic sets in as you start to imagine the catastrophes that would occur should the battery not last until you can charge it again. Parents’ never-ending phone calls and messages asking “where are you?” and “why do you leave the house without a charged phone?” (it was charged when I left, mom). The inability to make purchases with Apple Pay. Not being able to post your gym picture on Instagram (because if you didn’t share it online, did it even really happen?), and the list goes on (Remote Work Challenges).

Alas, you spot the charging kiosk in the distance as if it were illuminated by God himself. The sweat subdues as you make your way closer and closer to the holy temple. As you finally connect the wire to your phone, you let out a long sigh of relief. All is well in the world again. The birds are singing, and the clouds are parting to let the sun stream through.

Juice Jacking Tactic

But no. This is 2020 and the world is a gloomy place to be. Trump is president, Brexit is still occurring, and hackers are out to get you. Yes, you. That late-night burger you ordered online, or those shoes you ordered, both required something hackers are drawn to. Your credit card details. And they are obtaining those details, along with other sensitive content such as personal information, through a tactic called “juice jacking”. Don’t let that alliteration fool you. Juice jacking is a real threat and just by using a free public charging spot, a cybercriminal can take complete control of your smartphone and inject malicious code. In as little as one minute, a virus can be transferred onto your device which then starts to export sensitive data and passwords directly to the attackers (Why you should avoid public phone charging stations).

But How Do They Do It?

Let me bring some clarity to this confusing and earth-shattering revelation. A computer is concealed within the charging kiosk, or in the cables, that are there for you to naively use. The cables are programmed to automatically pair with smartphones once they have been plugged in which allows the rogue computer to freely access all the data on your device. All your food pics? Yes, the perpetrators can gain access to those. All your group chat banter? Yes, they’re seeing those, too, and maybe even laughing along at your jokes. But you won’t be laughing because they also have access to your bank information. And, if you “trust” the cable you have just plugged into your device, attackers can access your data long after you’ve unplugged your phone.

So, that free charging kiosk you thought would solve all your problems? It might just drain your bank account (Be Cyber Smart).

Can Juice Jacking Chargers Steal Data?

The type of data that can be stolen through juice jacking can vary depending on the methods used by the attacker and the vulnerabilities of the device. When you connect your phone or other electronic device to a compromised charging station, the attacker can access and steal:

Personal Information: Hackers may attempt to steal personal information such as contact lists, emails, messages, and social media accounts. This information can be used for identity theft, phishing attacks, or other malicious purposes.

Login Credentials: If you’ve saved login credentials on your device for various apps and websites, hackers can potentially steal this information. This includes usernames, passwords, and other sensitive login details.

Financial Information: Credit card numbers, bank account information, and other financial data stored on the device could be targeted. This information can be used for fraudulent transactions or to gain unauthorized access to financial accounts.

Files and Documents: Hackers can also target files and documents stored on the device. This might include sensitive work-related documents, personal photos, videos, or any other type of file that you have on your device.

Location Data: Some apps and devices store location data, which can be accessed by hackers. This information can be used to track your movements or target you with location-based attacks.

Device Information: Hackers might be interested in the device itself, such as its unique identifiers (IMEI, serial number), device model, operating system version, and other technical details. This information can be used for further attacks or sold on the dark web.

It’s important to note that juice jacking relies on the trust users place in public USB charging ports. When you connect your device to a compromised port, you’re essentially giving the attacker access to your device, which can lead to various types of data theft.

How to Prevent Juice Jacking

To protect yourself, it’s best to follow the preventive measures, such as using wall chargers, portable power banks, data blockers, and being cautious with public charging stations.

Use Trusted Charging Sources: Stick to using your own charging cables and power adapters or trusted charging stations. Avoid using public charging stations or cables from unknown sources.

Use USB Data Blockers: USB data blockers are small devices that prevent the data pins in a USB cable from making a connection while allowing the power pins to connect. This way, only power is transferred, and data transfer is blocked.

Carry a Portable Charger: To avoid the need for public charging stations, carry a portable charger with you. This way, you can charge your device using your own power source.

Disable Data Transfer: On your device, disable data transfer when connecting to unknown or untrusted charging sources. Some devices allow you to configure USB settings to only allow charging.

Sepio’s Patented Technology

Sepio platform innovative and patented technology focused on enhancing the security of the physical layer in the OSI Model. The OSI Model’s physical layer is fundamental for network infrastructure and actual data transmission. Sepio employs advanced visibility and control features to effectively manage risks and promptly identify potential threats to your network.

Sepio is the only company in the world to undertake physical layer fingerprinting. Unlike many other cybersecurity solutions that may neglect physical layer visibility and hardware security, Sepio concentrates on protecting against threats such as network implants, rogue devices, and malicious activities that operate at the physical layer. This includes addressing issues like spoofed peripherals, such as USB attacks or juice jacking attacks.

See every known and shadow asset. Prioritize and mitigate risks.
Talk to an expert. It will help you understand how to use Sepio’s patented technology to gain control of your asset risks.

November 1st, 2020
Jessica Amado

Jessica Amado
Head of Cyber Research

Related Posts

  •
    Invisible Network Devices

    Invisible or hidden Network Devices detection is security processes aimed to detect malicious unauthorized devices connected to a network.

  •
    Smart TV Hacking

    Smart TV hacking refers to unauthorized access and manipulation of smart television systems, which are equipped with internet connectivity.

  • Newsletter

    • Tags