Suppose you are out somewhere and the battery of your mobile phone is dying. You simply connect your phone with an old USB port, which you find nearby. But later you’ll find that your phone got infected and you keep on wondering where you went wrong. You won’t even remember, but connecting to any random USB port is where you can get cyber-attacked, and this particular cyber attack is known as Juice Jacking.
What is Juice Jacking?
Regardless of the kind of smartphone you are using, which can be an Android device, BlackBerry, or an iPhone, there’s always a common feature in all of the smartphones, i.e., the power supply and the data stream that passes over the same cable. Whether you are using the standard USB cable or Apple’s proprietary cables, in both cases, the situation would be the same; you’ll be using the same cable, whether it is for transferring your data or to charge the phone.
This setup of having the same cable for charging and for data transfer has become the vector for a malicious user to gain access to the device while you simply connect your phone to get charged. Thus, using the data/power cable as the means of gaining illegal and unauthorized access to someone’s phone or to inject any malicious software or code on the phone is known as Juice Jacking.
How Does Juice Jacking Work?
You would have noticed that while you charge your phone through the USB port of the system or through the laptop, it also comes up with the option of moving the data back and forth between the two systems. This is because the USB is not connected to any power socket. A regular USB connector tends to have five pins, where only one is required to charge the receiving end. Two of the others are used by default for the purpose of data transfers.
You have to change the settings, and unless you have made any changes in the settings, the data transfer mode will be disabled by default. But this option is not there on the devices which have the older versions of Android. When the cable is connected, the connection would only be visible on the end that provides the power. In the case of juice jacking, the one who can view the status of the connection is not the device owner.
This clearly means that if the user would be connecting the phone to a USB charger to charge the phone, she might end up opening the pathway for moving the data between the devices. Thus, connecting to any random USB port might end up with you losing your sensitive data on your mobile phone or getting your device accessed by any unauthorized user to install any malware or bring harm to your device and data on it.
Types of Juice Jacking
While we say juice jacking is a critical threat to our mobile devices, most people don’t even come to know that they have been attacked with such cybercrime. You now know the criticality of this attack that might leave you losing your data or getting it duplicated.
It is now important for you to know that there are two ways in which juice jacking can work. Here are these two ways in which you can lose your data by getting caught in the cybercrime of juice jacking:
Data theft: In this kind of attack, while you connect your phone to a USB port to charge, the data from your device gets stolen.
Malware installation: When your phone is connected to the USB port, and the connection is established, it is possible that malware is dropped on your device. That malware will then remain on the device until detected and removed by the user. While your device has the malware, it is possible for the hacker to look into your device, replicate the files that you have on your device, or even delete them. So, by the time you detect the malware, the damage will already be done.
In the first kind of juice jacking attack, the cybercriminals could actually steal any kind of data from your mobile device when it is connected to the charging stations through the random USB ports. If you think that if there’s no hacker sitting there to access or steal the data, then it is not possible to steal your data, then you are wrong.
Make no mistake in underestimating the power of this cyberattack, as the data theft could be completely automated. A hacker or a cybercriminal could end up creating a breach through an unsecured kiosk with the help of malware and then drop an additional payload, which will help the hacker to steal the information from the device connected with the USB port.
In case of data theft through juice jacking, the hackers can end up adding the crawlers that can search your phone for PII or personally identifiable information, banking-related, or credit card related data or account details within a matter of seconds. The hackers might also use malicious apps that could help them in cloning the data present in the phone of the user through the help of a Mac OR Windows computer, playing the role of a middleman. This is how the hacker could find everything that he needs to impersonate you.
The second kind of juice jacking attack includes the installation of malware on the device of the user through the USB port to which the device has been connected. In this case, the goal isn’t just to steal the data. It can be a gateway for several other criminal activities. If the goal of the threat actor was to steal the data through installing the malware on the phone, it wouldn’t just be possible with the USB connection but would happen over time with varied data that would include the GPS location, social media interactions, call logs, purchases made, etc.
The cybercriminals can install various categories of malware through the juice jacking attack. These can be ransomware, cryptominers, adware, Trojans, or spyware. These days, Android malware has become highly versatile, just like the malware which was made to attack the Windows or Mac systems.
Ransomware is the malware that freezes the device or encrypts the files on the device for ransom, thus preventing the user from accessing the files until he pays the ransom. The other one is cryptominers, which mine the CPU/GPU of mobile for cryptocurrency and drains the battery. Another one is spyware, which helps in long term tracking and monitoring of the target. Lastly, it could be Trojans that end up hiding in the background and can perform various illegal and unethical activities on the command of the attacker.
How Can You Avoid Juice Jacking?
Unfortunately, not all people are aware of juice jacking even being a cyber attack. This is why it is important that there should be awareness of this attack among the people, so they can take the necessary steps in order to avoid this kind of attack. There are some commonsense precautions, which can be taken to avoid exposure of the device to the systems that might end up capturing your phone with authorized access. Here are the obvious but important precautions which can help you be saved from juice jacking attacks:
Make sure you keep your mobile charged: One of the most obvious precautions is to stay alert and keep your phone charged. Consider making it your habit to charge your phone while you are at home or at work and not doing anything with your phone. Avoid the chances that your phone has to give you the notification of a low battery.
Always have your charger with you: Instead of getting towards any public charger to charge your phone when its battery is low, consider having your own charger along. It is always preferable to carry your personal charger wherever you go. You never know when you end up in a situation when the battery on your phone is low, and you urgently need your phone to connect to a charger. In such cases, if you have your own charger, you can easily charge your phone instead of connecting your phone to a public USB port that might end up in data theft from your device.
Carry a battery as a backup: When you carry a full spare battery along whenever you go out, there are fewer chances that you even have to connect your phone to any random public kiosk if you see the symbol of low battery. Having a backup battery will always make you ready for travel when there are higher chances that your battery will drain out, and possibly, you won’t be able to connect it with your charger.
Ultimately, the best defense against attacks like juice jacking is awareness. If you are taking every step to prevent your device from getting trapped or falling for unauthorized access, there’s no way any of the data could be extracted from your device. All you need is to always stay prepared with your charger or extra battery for the situations when the battery of your device gets low.