What is “Juice Jacking”?

Written by James Overby, Seltek IT Intern “Juice Jacking,” also known as “Juice Filming,” is a type of cyber-attack introduced within the past 5 years, involving cell phone chargers that serve as a data connection for hackers. These attacks typically happen over USB and involve installing malware to devices or copying sensitive data from smart phones, tablets, or any other computer devices that charges via USB (newer models of Macs).

How to Prevent “Juice Jacking”

• Keep a power bank (portable charger) or alternative means of charging handy if you know you may need to charge your device. This is the easiest and safest solution, as well as convenient.
• Avoid using public USB charging. Look for electrical outlets on a wall instead of USB ports. Electrical outlets do not allow data to be transferred either way therefore mitigating the risk of a hack.
• If using a public USB charging station, power the device off completely before connecting it to the station. When the device is turned completely off it does not allow the transferring of data.
• If using public USB charging, purchase a data blocking adapter, such as the PortaPow 3rd Gen Data Blocker ($6.99, check price on Amazon), which connects onto the cable, preventing any data from transferring (See Figure Below for example).

     

Are you vulnerable?

In just about any public setting you can be vulnerable to cyber thieves, varying from airports and train stations, to restaurants. But the actual odds of this happening to you are completely up to the victim. If you use the following prevention methods listed above, it will greatly decrease your chances of being “Juice Jacked.” Juice Jacking is a simple but deadly hack, which can be easily prevented as long as users are aware that of risks hen using public technology.

Common Features hackers look to have when “Juice Jacking”

Since juice jacking is very different from common malware and other attacks, it means that the attack will use new methods and features, listed as follows (list cited alongside reference 1):

• Want the process to be simple but efficient, making the process able to move fast
• User unawareness; meaning by any means possible hackers want it to be the least suspicious attack possible
• No installations needed on the phone’s side; so this is all done without having to prompt users to install any new apps
• Does not need to prompt on the user’s screen to ask for permissions; so it just jumps in and does what it wants
• Cannot be detected by any current anti-malware or security software
• Scalable and effective on both Android OS and iOS.

Hopefully after giving some insight into a hacker’s mind behind “Juice Jacking” you can be better prepared to try and prevent these situations and security breaches from happening to you and others around you.   Reference: Meng, W., Lee, W. H., Murali, S. R., & Krishnan, S. P. T. (2015, April). Charging me and i know your secrets!: Towards juice filming attacks on smartphones. In Proceedings of the 1st ACM Workshop on Cyber-Physical System Security(pp. 89-98). ACM.