Have you ever heard of juice jacking? We’ve all been there. The dreaded “battery level 20%” pop up on your phone. The sudden change from white to red on the top right-hand corner of the screen. Panic sets in as you start to imagine the catastrophes that would occur should the battery not last until you can charge it again; parents’ never-ending phone calls and messages asking “where are you?” and “why do you leave the house without a charged phone?” (it was charged when I left, mom); the inability to make purchases with Apple Pay; not being able to post your gym picture on Instagram (because if you didn’t share it online, did it even really happen?), and the list goes on.
Alas, you spot the charging kiosk in the distance as if it were illuminated by God himself. The sweat subdues as you make your way closer and closer to the holy temple. As you finally connect the wire to your phone, you let out a long sigh of relief. All is well in the world again. The birds are singing, and the clouds are parting to let the sun stream through.
Juice Jacking tactic
But no. This is 2020 and the world is a gloomy place to be. Trump is president, Brexit is still occurring, and hackers are out to get you. Yes, you. That late-night burger you ordered online, or those shoes you ordered, both required something hackers are drawn to; your credit card details. And they are obtaining those details, along with other sensitive content such as personal information, through a tactic called “juice jacking”. Don’t let that alliteration fool you. Juice jacking is a real threat and just by using a free public charging spot, a cybercriminal can take complete control of your smartphone and inject malicious code. In as little as one minute, a virus can be transferred onto your device which then starts to export sensitive data and passwords directly to the attackers.
How they do it
But how do they do it? Let me bring some clarity to this confusing and earth-shattering revelation. A computer is concealed within the charging kiosk, or in the cables, that are there for you to naively use. The cables are programmed to automatically pair with smartphones once they have been plugged in which allows the rogue computer to freely access all the data on your device. All your food pics? Yes, the perpetrators can gain access to those. All your group chat banter? Yes, they’re seeing those, too, and maybe even laughing along at your jokes. But you won’t be laughing because they also have access to your bank information. And, if you “trust” the cable you have just plugged into your device, attackers can access your data long after you’ve unplugged your phone.
So, that free charging kiosk you thought would solve all your problems? It might just drain your bank account.
Sepio platform uses a novel algorithm, a combination of physical layer fingerprinting module coupled with a Machine Learning module – providing the sought-after visibility and enforcement level, it is further augmented by a threat intelligence database – ensuring a lower risk hardware infrastructure.
Hardware Assets Control solution for juice jacking hardware
Sepio Hardware Access Control HAC-1, provides 100% hardware device visibility.
HAC-1 enables Hardware Access Control by setting rules based on the devices characteristics.
HAC-1 instantly detects any devices which breach the set rules and automatically block them to prevent malicious attacks.
The idea is to Verify and then Trust that those assets are what they say they are.
With greater visibility, the zero-trust architecture can grant access decisions with complete information.
Thus, enhancing the enterprise’s protection within, and outside of, its traditional perimeters.
The Hardware Access Control capabilities of HAC-1, block Rogue Devices as soon as they are detected
Our HAC-1 solution stops an attack at the first instance, not even allowing such devices to make network access requests.
Sepio Hardware Access Control HAC-1 provides 100% hardware device visibility. No device goes unmanaged. Rogue Devices are block as soon as they are detected. HAC-1 solution stops an attack at the first instance, not even allowing such devices to make network access requests.
juice jacking hardware
Sepio is the only company in the world to undertake Physical Layer fingerprinting . HAC-1 detects and handles all peripherals; no device goes unmanaged.
With this total visibility, a stronger cyber security posture is achieved. There is no longer needed to rely on manual reporting or employee compliance. Sepio manage security and provides answers to questions such as:
- Do we have an implant or spoofed device in our network?
- How many IoT devices do we have?
- Who are the top 5 vendors for devices found in our network?
- Where are the most vulnerable switches in our network?
Having visibility across all hardware assets provides a more comprehensive cyber security defense.
Reduce the risk of a hardware attack being successful and our private health data being stolen.
Founded in 2016 by cybersecurity industry veterans from the Israeli Intelligence community, Sepio’s HAC-1 is the first hardware access control platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT and IoT security programs.
Sepio’s hardware fingerprinting technology discovers all managed, unmanaged and hidden devices that are otherwise invisible to all other security tools.
Sepio is a strategic partner of Munich Re, the world’s largest re-insurance company, and Merlin Cyber, a leading cybersecurity federal solution provider.
Heavy spending on cybersecurity should bring a high return on investment, yet gaps in visibility limit this.
HAC-1 fingerprinting technology
Sepio’s Hardware Access Control (HAC-1) solution provides a panacea to gaps in device visibility to ensure you are getting the most out of your cybersecurity investments.
HAC-1 integrates with existing solutions, such as NAC, EPS, SIEM and SOAR, to enhance the organization’s cybersecurity posture.
HAC-1’s deep visibility capabilities mean no device goes unmanaged; the solution identifies, detects, and handles all IT/OT/IoT devices.
Moreover, HAC-1’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware.
In doing so, ultimately, HAC-1 enables a Zero Trust Hardware Access approach which stops attackers at the first line of defense.
Sepio supporting compliance
Sepio’s Hardware Access Control (HAC-1) solution provides entities with the Physical Layer coverage they need to obtain complete device visibility. And, in doing so, also provides protection against hardware-based attacks.
As the leader in Rogue Device Mitigation (RDM), Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged.
HAC-1 fingerprinting technology
HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of all devices and compares them against known fingerprints.
In doing so, HAC-1 is able to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure.
In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends on best practice policy and allows the administrator to define a strict, or more granular, set of rules for the system to enforce.
When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process that instantly blocks unapproved or Rogue hardware.
Furthermore, HAC-1’s RDM capabilities support compliance with Section 8 of the EO, which concerns the government’s investigative and remediation capabilities.
Section 8 focuses on enhancing data collection efforts in order to improve the investigation and remediation processes following an incident. HAC-1 logs all hardware asset information and usage and maintains such data for a period defined by the system administrator.