Juice Jacking

Definition

Juice jacking refers to a type of cyberattack where attackers steal private data or install malware on a target device via a public USB charging port.

The attackers can acquire a myriad of sensitive information, including credit card information, passwords, names, and addresses. Moreover, hackers can install malware to show ads, track keystrokes, or add your device to a botnet network.

How to Avoid Juice Jacking?

• Avoid public USB charging stations and instead opt for wireless charging or charging at a wall outlet using your cable.
• Configure additional security measures such as disabling USB pairing, or shutting down your device while charging.

How Juice Jacking Works

Juice jacking is a man-in-the-middle (MITM) attack in which attackers exploit vulnerable users via USB connections. A USB connector usually has five pins, but only one is used for charging purposes, while two of the five pins are used for data transfer.

Cybercriminals use this architecture to hack into your device purporting to offer free charging services. When your device is connected to a charging port or other devices such as gaming consoles, the attackers install malware and steal your private data.

Types of juice jacking attacks

• Data theft: In juice jacking attacks, hackers steal sensitive information without users knowing. They can steal large amounts of data depending on how long you leave your device in a compromised port.
• Malware installation: Malicious software installed during juice jacking attacks can cause serious damage, like device manipulation, spying, lockouts, or data theft.
• Multidevice attack: An infected device can become a carrier of the virus and infect other ports and cables with the same virus.
• Disabling attack: Malware transmitted via the charging port can give the attacker full control of the device, locking owners out.

Juice Jacking History

Juice jacking was first recorded in August 2011 at the DEF CON hacking convention. Guests were given free charging stations, and when they plugged their devices in, an alert popped up warning them to avoid free charging because their devices could be infected with malware.

To curb the threat, Apple and Android updated their software to warn users of new charging ports and allow them to choose whether to trust a charging station. With the update, untrusted charging options only support charging and not data transfers.