Knowing the definition and how to deal with “Juice-Jacking”
Since the invention of the cell phone and the updating of technologies, a series of changes have occurred that have resulted in the progressive dependence of humans on mobile electronic devices, whether they are cell phones, tablets, laptops, among others. If we think about it, what do we do now when we are on the street and our cell phone discharges? We will probably look for a place to connect our charger to have some battery, either in a café, a restaurant, a store or a public charging point in a square or a shopping center. Many other times we have no choice, because different situations that are out of our control lead us to charge our mobile devices in public places, an example of this can be when we are waiting for a flight in an airport or when we are lost and need to use the map. It is precisely in these situations where we are exposed and put our privacy at risk. Therefore, we will see the definition of juice-jacking , how it is carried out, what it is and how we can avoid it.
What is “Juice-Jacking” about?
It is a technique in which cyber-crooks alter public charging devices so that they are capable of transferring Trojan-type malware to mobile devices that are connected, so that they can run them and steal sensitive information from the victim. In this case, the USB cable or input where the charging device is connected serves as a bridge and access route for attackers to steal data related to the victim’s personal life or other types of data such as bank details, telephone number and browser cookies.
The way in which the juice-jacking is carried out is during the loading process in which the users’ access is obtained on their mobile device, taking advantage of the data or USB power that occurs when loading the device by taking advantage of it to illegitimately access the data on their phone and/or injecting malicious code into the device. What happens is basically an invasion of privacy where the victim’s phone is paired with a computer that can be found hidden in the charge sharing site or “kiosk”. In the same way, cyber-crooks can introduce malicious code directly to the connected device, wreaking havoc on it. It is believed that devices connected to these infected charging stations can penetrate the device within a minute of being connected.
The consequences of these illicit connections can be seen long before the malicious code is even released, as once the device is paired with the computer, it can access a large amount of personal data on the device, including the phone book, photos, database, text message, even backing up the device. These “kiosks” or public charge centers, tend to be found in places where people are concentrated, shopping centers, airports, restaurants, squares. Among other related places.
After knowing the general concept of what the Juice-Jacking is about we can proceed to establish the types that exist, some of them are:
•Data theft: data theft, also known as phishing is carried out through a USB cable. For this case, trackers can be used that are transferred to the connected device and when it enters, it tracks personal and banking information, credit or debit card details, passwords and users, among other things; this information theft can be done quickly, approximately in 80 seconds,
•Malware installation: This consists of the installation of Trojan type malware. These malicious programs are installed using connection methods that transmit hadware, spyware and other Trojans. When these programs are released on the device, they have the capacity to spy on the victim’s data and thus collect sensitive information to transmit it back to the cybercriminal. At first the victim may not realize they have been a victim of data theft, however, over time the victim may notice certain characteristics such as missing money, not being able to access their social networks, among other consequences.
How to avoid “Juice-Jacking”?
There are good tips online about how we can avoid juice-jacking, a few compilations of these are:
• Keep your devices charged (fully charged): this will reduce the need to have to charge your mobile devices, in the same way, turning on the “power saving” mode of your devices will help the charge level last longer and you won’t have to recharge.
• Carrying a personal charger: avoid borrowing a charger from strangers as much as possible, as this increases the risk of suffering juice-jacking attacks.
• Turn your phone off: in case you need to charge your phone and your only resource is to do it through a kiosk or public charging center, make sure you charge it off, this will help any unknown device not to access your device and thus avoid the theft of your sensitive information.
• Use only USB power cables: Similar to the previous case, in the sense that you need to charge your device while it is turned on, another option is to activate the “charge only” mode so that the device blocks the data transmission option and thus prevents cyber-crooks from accessing your personal data.
• Configure access to applications using a password: You can configure the option on your device to request a password when transferring data, so that when a cyber-crook wants to access your device, it will show you the password entry notification and you will know when they want to access your device without your consent.
• Avoid USB ports: when you need to charge your mobile device you can choose to charge it using the power adapter, this way you avoid charging it directly through USB ports, which eliminates the risk of illegal access.