Juice jacking is a cybersecurity threat that happens when you charge your device at public USB stations. Coined by security journalist Brian Krebs in 2011, the term is a portmanteau of “juicing up” (charging devices) and “hijacking.” This type of attack can lead to harmful software being installed on a device or unauthorized access to a user’s private data. It may occur in public places such as airports, hotels, and other shared spaces where people commonly use public charging ports.
How data is stolen
Juice jacking typically involves compromised USB ports equipped with skimming devices or malware. Skimming devices can extract confidential information such as photos, messages, and contacts. Malware can include ransomware or spyware that locks victims out of their data or monitors activity without their knowledge.
The term gained traction after an experiment at the DefCon 19 hacker conference. Brian Markus, president of Aires Security, along with researchers Joseph Mlodzianowski and Robert Rowley, created a charging station to test whether security experts and enthusiasts would avoid using random power sources. A total of 360 attendees plugged their phones into the kiosk, demonstrating how willing people are to connect their devices to unknown charging stations.
Although there had been no confirmed case of juice jacking yet, experts and authorities still warn the public about the potential threat. The Transportation Security Administration (TSA) also posted a warning that advises travellers not to use public USB charging ports. To ensure user privacy, here are some preventive measures that people can take.
Avoid using public charging stations
The most obvious solution to prevent juice jacking is to simply avoid using public charging stations. USB charging ports can transfer both power and data simultaneously. If you must charge in public during an emergency or power outage, ensure that data transfer is disabled.
Carry your own power source
One of the most important items to include in your carry-on while travelling is a power bank or portable charger. Not only will it ensure that the device stays powered, but it will also avoid compatibility issues and security risks associated with uncertified or unfamiliar charging equipment. Always use your own cable when charging in public spaces.
USB data blocker or juice-jack defender
USB data blockers or juice-jack defenders are widely available in the market. By blocking data transfer while still allowing power to pass through, these devices help prevent malware installation and unauthorized access. Be sure to choose a reputable, high-quality data blocker, as its effectiveness depends on its build and security standards.
Secure and change passwords
Make sure that all your accounts have a strong password and enable 2FA. If there is suspected tampering with the device, immediately check accounts and change passwords. It is always better to err on the side of caution, especially in an age where data breaches occur more often than not.
Photo credit: The feature image is symbolic and has been done by Konrad Koller.
Sources: Krebs on Security / State of Michigan / North Dakota Information Technology
