Juice Jacking: What It Is and How It Works
Juice jacking is a cyber attack in which a hacker gains access to a smartphone or other electronic devices while they're charging through a public USB port.
With the rapid development of new technologies and connectivity, juice jacking is one of many types of cyber threats that smartphone users face today. As technology continues to evolve, new threats will likely emerge - time to take cybersecurity seriously.
The Internet of Things (IoT) has opened up a world of increased availability, accessibility, and interoperability. It’s evident that we use our smartphones for everything: from checking public transport to booking concert tickets, and everything in between. We love our phones and can’t live without them. Device batteries suffer due to our extensive smartphone use and sometimes need a quick pick-me-up. Public charging points are convenient and look safe, but they appear to be a new attack surface that can expose your phone to security threats.
What is juice jacking?
Juice jacking is a cyber attack in which a hacker gains access to a smartphone or other electronic devices while they’re charging through a public USB port. This attack typically occurs in public charging stations that can be found in airports, hotels, or shopping malls. You might make an association with batteries since it’s called ‘juice’, but it’s not.
Juice jacking can result in the theft of personal data and other sensitive information. It works by exploiting public USB ports with or without cables. The cables can either be regular charging cables or data transfer cables. The latter is capable of transmitting both power and data, therefore at risk of juice jacking. When someone connects their device to a public charging port, a hacker can use this access to either install malicious software or steal data (login credentials, contact lists, etc.) from the user’s device.
One of the main reasons why juice jacking has become a concern is that it’s relatively easy to execute. All a hacker needs to do is install a small device called a ‘juice jacking tool’ in the public charging station, which allows them to intercept data as it passes through the USB cable. These tools can be purchased online, making them accessible to anyone.
When are you at risk for juice jacking?
Anywhere where they have a public USB charging station. But, airports are the places where these attacks are most prevalent. It’s a high transit area with high foot traffic that increases the odds of hackers hacking devices. People prefer to have their devices fully charged and are therefore more willing to use the available public charging stations. Juice jacking is not limited to airports - all public USB charging stations pose a risk!
How to prevent juice jacking
The most effective way to avoid juice jacking is to use a 'power-only' USB cable when charging a phone in a public setting. These cables are designed to only transmit power, not data, which makes them less vulnerable to hacking. Otherwise, avoid using public charging stations whenever possible and rely on your charging cables or Brick powerbanks to charge your device. You don’t have to worry about juice jacking with our Bricks. Our powerbanks charge using cables that do not have data wires, meaning that they’re only power-up cables.
Most phones have taken security measures to reduce the attack surface over USB cables. They no longer allow the device to automatically connect as a hard drive when plugged in, but as ‘only charging’. Signs of a juice-jacking attack could include a slow or unresponsive device, unexpected pop-up notifications, and a sudden increase in data usage. If you suspect that your device has been compromised, immediately disconnect it from the charging station!
Update after FBI news report regarding juice jacking
Monday, April 10, 2023
As a partner or user, we understand if you have concerns about juice jacking when using a Brick powerbank. We equally have concerns and would like to share our guarantees and demonstrate how Brick is not capable of juice jacking or any other malicious attack.
Our powerbanks are equipped with charging cables, not data transfer cables. The wiring sets these cables apart. A data cable has four wires: one negative, one positive, one for data receival, and one for data transfer. Charging cables typically have two wires: one negative and one positive. Data transfer, or any other kind of transfer, through a Brick powerbank, is therefore not possible.
Additionally, the Brick app is developed by Brick Technology Sweden and is compliant with European privacy laws and security standards.