You may own the best and most expensive mobile phone, yet that will not stop your data from being stolen more easily than ever before. All that is needed is a charging station with power connectivity and a cable.
Let me explain why I say so.
The power/data cable that we see at public charging stations can give attackers unauthorized access to the device during charging, which they then use to take our personal information. This is known as juice jacking: a type of cyber attack that originates from USB charging ports installed in public places such as airports, cafes, bus stands, etc. Once the device is plugged in and a connection is established, the attack either installs malware or secretly copies sensitive data from a smartphone, tablet, or any other computing device.
The attack can be as simple as extracting all your contact details and private pictures, or it can be an invasive attack that injects malicious code directly into your device, which can then copy all your passwords or financial data.
Let me answer a few important questions that may help you be aware of this menace. The best defense against any such attack is to be aware of it first, so that you do not fall prey to it.
Question No. 1
How does juice jacking work?
A USB port is often used as a medium for data transfer. A regular USB connector has five pins, of which only one is needed to charge the device. Two of the other pins are used for data transfer.
Because we charge our devices through the same USB port, plugging in can also open up the option to transfer files between devices. The attacker often uses off-the-shelf hardware that is installed on the charging ports of public charging boards. This hardware is specifically designed to breach security and gain access to a connected device's information as soon as the connection is established, and you may lose data without even knowing about it.
Question No. 2
What harm can it cause to us?
The Los Angeles County District Attorney's department in California has issued an alert to local residents and travelers to avoid charging phones at public charging stations, particularly in airports. In Dec 2019, State Bank of India (SBI) also issued a warning to its customers about this deadly mobile malware. The two most common harms that juice jacking can cause are:
1. Data theft:
Data is stolen from the connected device. There are crawlers that can search your phone for personally identifiable information (PII), account credentials, and banking-related or credit card data. These crawlers can copy all of that information to the attacker's own devices. There are also many malicious apps that can clone all of your phone's data to another phone.
2. Malware installation:
Once the connection is established, malware is automatically installed on the connected device. The malware remains on the device until it is detected and removed by the user. There are many categories of malware that cybercriminals can install through juice jacking, including adware, cryptominers, ransomware, spyware, and Trojans.
Question No. 3
How can I protect my data from Juice Jacking?
You can, of course! But think twice before you plug your mobile into any public charging station. Here are five simple tips to help avoid juice jacking. Try them out before it's too late.
1. Keep your devices fully charged or carry a personal charger/power bank with you
This is the most obvious precaution. Make it a practice to charge your phone fully before you step out, and try to reduce instances of low battery while you are traveling. Alternatively, always keep your own charger and power bank in your bag so that you maintain control over the data port. You can then go longer without needing to tether your phone to a kiosk or wall outlet.
2. Lock Your Phone.
When your phone is locked, and I mean truly locked and inaccessible without the input of a PIN or an equivalent passcode, it cannot be paired with any device. Be careful not to use your face or fingerprint ID even for a second, since pairing can happen within a fraction of a second. So make sure that the phone is really locked, and don't unlock it while it is connected to the charging station.
3. Switch off or Power the phone down.
This technique works only on a few mobile models, because some phones, despite being powered down, still power the entire USB circuit and allow access to the flash storage in the device. Hence, this may not always be an optimum solution.
4. Use specialized cables.
You can buy a special USB cable that doesn't have pinout connections for pins 3 and 2, so it is impossible to transmit data across the connection. There are companies that make this kind of cable for iPhone, Samsung, HTC, Google, etc. These cables are meant for charging only and prevent data from being transferred anywhere.
5. Use a USB condom.
It is a device that goes between your normal data charging cable and a USB port to block data transfer through the connection. USB condoms are adaptors that allow power transfer but don't connect the data transfer pins. You can attach one to your charging cable as an "always on" protection.
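One way to confirm that a charge-only cable or USB condom really leaves the data pins disconnected (an example added here, not part of the original article): connect your phone through it to a Linux computer you own and check whether the host enumerates a new USB device. The sysfs path is the standard Linux location; the function names, the sample tree and its `abcd:0001` IDs are constructed for illustration.

```python
import os
import tempfile

SYSFS_USB = "/sys/bus/usb/devices"  # Linux sysfs directory of enumerated USB devices

def _read(dev_dir, attr):
    try:
        with open(os.path.join(dev_dir, attr)) as fh:
            return fh.read().strip()
    except OSError:
        return None

def snapshot(root=SYSFS_USB):
    """Map bus path -> (idVendor, idProduct, product) for each enumerated device."""
    found = {}
    if not os.path.isdir(root):
        return found
    for name in os.listdir(root):
        dev_dir = os.path.join(root, name)
        vid = _read(dev_dir, "idVendor")
        if vid is None:  # interface nodes such as "1-0:1.0" carry no idVendor
            continue
        found[name] = (vid, _read(dev_dir, "idProduct") or "????",
                       _read(dev_dir, "product") or "unknown")
    return found

def new_devices(before, after):
    """Devices seen after plugging in that were absent (or different) before."""
    return {k: v for k, v in after.items() if before.get(k) != v}

def verdict(before, after):
    added = new_devices(before, after)
    if not added:
        return "charge-only: no device enumerated, data pins appear disconnected"
    names = ", ".join(f"{v[0]}:{v[1]} {v[2]}" for v in added.values())
    return f"DATA PATH PRESENT: host enumerated {names}"

def constructed_tree(root, phone_attached):
    """Write a constructed sysfs-like tree (sample data, not a real capture)."""
    nodes = {"usb1": {"idVendor": "1d6b", "idProduct": "0002", "product": "Host Controller"},
             "1-0:1.0": {}}
    if phone_attached:
        nodes["1-2"] = {"idVendor": "abcd", "idProduct": "0001", "product": "Sample Phone"}
    for name, attrs in nodes.items():
        os.makedirs(os.path.join(root, name), exist_ok=True)
        for attr, value in attrs.items():
            with open(os.path.join(root, name, attr), "w") as fh:
                fh.write(value + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        constructed_tree(tmp, phone_attached=False)
        before = snapshot(tmp)
        constructed_tree(tmp, phone_attached=True)
        print(verdict(before, snapshot(tmp)))
```

On a real machine, call `snapshot()` with no argument before and after plugging the phone in, and confirm the phone shows that it is charging so an empty result is not simply a dead cable.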
The best defense against any such attack is awareness. I hope this information helps you safeguard your crucial data. Follow these simple tips, and avoid plugging your mobile into unknown charging stations the same way you avoid opening attachments from unknown senders.
You can also find this article on Times of India.