I was at a trade show a few years back and headed to one of the lobby areas of the LA Convention Center to seek out an outlet to grab a little charge on my phone. The situation was comical. Half a dozen people orbiting every outlet to be found, all trying to keep some sort of charge on their device.
Up walked a guy with his laptop bag. He proceeded to pull out a multi-plug power strip, unplug one of the people currently plugged into the outlet, and then plug everything into his power strip. The others who were waiting their turn to charge walked up and he hand-gestured to plug in.
Not a word was spoken in that interaction. Everybody just nodded in approval like he was a rockstar.
It’s a cute story, but we’ve all been in that position where we were drastically low on charge and need some power, right now. Or maybe you’re working on your laptop and grab an outlet to keep your juice topped off for when you don’t have some power available.
These days establishments prep for these scenarios and provide far more power sources and dedicated charging stations with USB ports. It’s a nice improvement, and very welcomed for the “tech on the go” crowd.
Coffee shops. Airports. Hotel lobbies. We’re all familiar with the usual suspects.
You’re probably aware that using Wi-Fi in those places is dangerous without proper protection. However, it ends up that just charging your device in a public place is dangerous.
A recent tweet from the FBI advised to stop using public charging points via USB. Criminals have found a way to use USB charging ports to inject malware into your device.
It’s called “juice jacking,” and it’s been around in theory for over a decade, but has recently become prevalent in practical, real-world attacks.
How does juice jacking work?
One of the big reasons why it is more common now is that devices are using the same cable to transfer power and data. USB-C and Lightning cables have become the universal modern standard and they both were designed for the dual purpose of power and data, having pins for both.
A criminal can compromise a charging port, or a data cable and then leave it for somebody to find and use. In either case, when you plug a cable into your phone or laptop, the criminal can use the data pins to access your device. You can think of it like plugging your device directly into somebody else’s device. They’ll have access to all your data and credentials.
How do you protect yourself from juice jacking?
In order to avoid this, only use your own charger and cable. Don’t plug into an existing USB port, make sure your charger plugs into an outlet directly. If you are on the go a lot, you might want to invest in a USB data blocker. It’s a small device you can get for less than $10 and throw in your bag with your cables. It blocks the transfer of data and only allows power to flow through your cable.
Be aware. Stay vigilant. Stay safe.
If you have any other security questions, then get in touch.