Hikvision Cybersecurity Director Presents Pro Tips to Reduce Security Concerns Related to Juice-Jacking: Trading Your Data for Power
Our previous Hikvision blog discussed tips to prevent becoming a victim of credential stuffing. This blog will discuss security concerns related to juice-jacking, and tips to prevent becoming a victim of it.
There are few things in everyday life that instill panic in us more than seeing the low battery indicator on our mobile phone. This is especially troubling during travel, when your mobile device might be frequently switching between cell towers and Wi-Fi hotspots, and using up more battery than usual. To help us with this problem, charging stations have graciously been made available for free in many public places. While this free charge can breathe life back in our digital existence, it can also be the point at which your device becomes victim to a cyberattack called juice-jacking.
What is Juice-Jacking?
Juice-jacking happens when someone connects their mobile device to a USB charging station that charges the device, but has also been modified to copy data from the mobile device, like photos and text messages, or infect the device with malware. This is possible because USB cables provide both charging and data transfer capabilities. When plugging a mobile device into a computer for charging, an application like iTunes generally pops up, the same way it does when you plug in an iPhone into a computer. This is because the computer recognizes the mobile device and is offering to back up the data from that device.
Juice-jacking is not a new form of attack, but it is a real and growing threat. In fact, cybersecurity reporter Brian Krebs wrote about juice-jacking back in 2011 when a group of security researchers set up a charging kiosk at the DEF CON hacker conference in Las Vegas. This kiosk powered people's mobile devices, but showed a warning to the users about the dangers of public charging stations.
Where are these charging stations?
Mobile device charging stations seem to be popping up all over. Some typical locations are airports, hotel rooms, conferences, sporting events and stadiums and coffee shops. Libraries and even amusement parks can have these stations to keep you powered and connected throughout the day.
How to Prevent Being a Victim of Juice-Jacking
Not all public USB ports are malicious, however, it is more prevalent than most people think. Being ready to practice safe power cyber-hygiene at any time can greatly reduce the risk of a juice-jack attack.
Pro Tips:
- Travel with your own USB power adapter, preferably the one that came with your mobile device. This will ensure that only power is going to your mobile device.
- Buy a USB data blocker. This device protects against untrusted USB ports because it only allows power to pass through to the mobile device. Are you skeptical? Good! Try it out between your phone and laptop. You'll see that nothing pops up to offer a backup of your phone’s data. There are a number of companies online that sell inexpensive data blockers.
- Buy a data blocking cable. Again, these are inexpensive and can be found online. With so many people backing up mobile devices to the cloud, you may not even need a normal cable that allows data transfer anymore.
- Another safe option for charging more modern mobile devices is to use a wireless charging pad since these only provide power to your device.
- Don't use untrusted cables. While this example doesn't infect or steal data from a mobile device, here is a video of Kevin Mitnick demonstrating a malicious cable that can install malware on your computer when you use it to charge your phone.
While it seems unlikely that most of the public USB charging stations are malicious, any one of them could be. By being prepared and following a few simple precautionary measures, you can help ensure that your mobile device isn’t draining your personal data as your battery charges.
For other tips to address security concerns, visit Hikvision’s catalog of cybersecurity blogs.