Juice jacking is a method of attacking electronic devices, including smartphones, tablets and laptops, using publicly available USB ports. Such chargers appear more and more often in shopping malls, airports, stations, bus stops and even on buses.
The name of this data theft method comes from an American phrase which, literally translated, means squeezing juice. ‘Juice’, however, has a completely different meaning in this case – it is the colloquial name for the electric current that flows from the USB port through the cable to our phone. Criminals do not so much squeeze the juice as they push viruses into our smartphone or try to obtain data from us.
–
Experts’ calculations show that charging a device in a public USB charger for 80 seconds is enough for it to become infected with malware. Of course, not all USB ports are infected, but it is better to avoid them in public spaces.
Already a few months ago, they warned against juice jacking, among others: experts from the FBI and the US Army Cyber Command (a special US unit specializing in cybersecurity). While a few years ago, attacks using this method were quite difficult to implement because they required physical media to contain the stolen data, in the era of cloud and wireless networks, cybercriminals have an easier task.
However, there are cybersecurity experts who believe that juice jacking is not a real threat. They note that there are no known cases of such use of USB ports. Moreover, they remind us that modern smartphones inform us that data is being sent to the phone.
The Ombudsman warns against juice jacking. Draws attention to the mObywatel application
The problem of juice jacking was also drawn to the attention of the Commissioner for Human Rights, who even sent a letter to the head of the Ministry of Digital Affairs, Janusz Cieszyński, on this matter.
Cyberattacks are one of the greatest threats of the 21st century and, as such, are already quite a common phenomenon. The new methods of these attacks must be the subject of analysis and reflection, as well as response from the competent authorities.
– “For some time now, the so-called juice jacking has been a widely discussed problem regarding cybercrime,” he adds.
The Ombudsman points out that cybersecurity experts distinguish two types of attacks using juice jacking – data theft and installation of malware.
This type of cyber attack significantly interferes with the privacy of users of the equipment mentioned above, which were in contact with the infected port, which is why it has become the subject of interest of the Ombudsman.
– explains Wiącek.
The Ombudsman cites here the warnings issued by the FBI to users of public USB ports, informing them that hackers have found a way to inject malware there. According to Wiącek, in the context of Poland, juice jacking may pose a threat, e.g. to users of the mObywatel application,
Bearing in mind the increasing warnings against this form of cyber attack, I would like to draw the Minister’s attention to this problem and at the same time obtain information on possible actions taken by the Ministry of Digitization and the government in this matter. The Ombudsman is particularly concerned about the possibility of infecting the phone of a user of a public USB port who has government applications on his mobile device – for example, mObywatel
– writes the Ombudsman.
“Citizens should be assured that data stored in government applications is protected from unauthorized access and interception through juice jacking attacks” –
Anyone who installs government applications on their electronic devices should have a guarantee that their data will be properly protected
– he adds.
How to charge your phone in a public space?
Although hacker attacks using juice jacking are relatively rare (compared to phishing or spoofing), it is definitely worth avoiding publicly available USB chargers. However, if we have no choice but to charge our smartphone, remember to:
1) After connecting the smartphone to the charger, do not allow the activation of the data transfer function.
2) Use two-step user verification and biometric login features.
3) Always update your smartphone software to the latest version.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
