Have you heard of “Juice-Jacking”?

Seeing that I work at a bank I receive numerous memos about different social engineering type attacks and one in particular that I received caught my attention because of how different it was.

Most people have never heard of “Juice-Jacking” because it is a new hacking method used to steal digital data stored on mobile devices, and this happens right in public places.

This type of social engineering attack targets on-the-go users who plug their device into a public charging kiosk in places like airports, train station, hotels and shopping malls. This type of hacking was first introduced this year at DefCon, where they educated attendees about he potential perils of juicing up at random power stations.

They have been talking about how dangerous these charging stations could be because how most smartphones are configured to just connect and allow access to the data on the phone. Anyone who had an inclination to could put a system inside one of these kiosks that when someone connects their phone can steal all of the data off of it or even write malware to the device.

It is recommended to using a power cord, rather than a USB cable to charge your phone when outside your home or office since they do not transmit dat from the phone. If you only have a USB cable on you, turn off the phone before you charge it and some security experts also suggest to adjust the device settings to password protect the ability to transmit data.

Advertisements

6 thoughts on “Have you heard of “Juice-Jacking”?

  1. Good advice. I’m curious, did it mention anything about specific phones being more vulnerable than others?

  2. The article didn’t state anything about certain phones being more vulnerable but in my opinion I would think smart phones like Android and iPhone devices being more vulnerable because they have the capabilities for file transferring using a USB cord which easier than other types of phones. Though I believe the way the article stated all phones were vulnerable if they had the capability of transfer data via a USB cord to a computer.

  3. That’s interesting.. I’ve never heard of it before, nor seen a public location to plug in a USB device. I would still rather plug into an electric outlet instead of a usb port to charge my phone..

  4. I have seen these stations once before (an airport in Florida), but I was under the impression that they were just basically charging stations and were connected directly to an outlet. Now that I think of it, they are a perfect place to gather information. Anything like the Android or Iphone platform is more vulnerable to software manipulation and grabbing information from someones banking application on there phone could defiantly be easy cash for a criminal.

  5. This reminds me alot of this:
    http://laughingsquid.com/usb-flash-drive-dead-drops-installed-in-public-locations-around-nyc/

    I can’t help but think that anyone willing to stick that inside their computer deserves what ever is coming to them, but on android at least there are some simple precautions people can and should use to prevent data from being stolen. All you have to do is set your android phone to charge only mode, and there is no data connection established by the usb cable. I feel that these charging kiosks should have that in big bright letters right next to the usb cables.

Comments are closed.