Know the definition and how to deal with juice-jacking, a new danger in public loading zones. Find out what it is and how to stay protected!
Since the invention of the cell phone and the updating of technologies; a series of changes have occurred that have resulted in the progressive dependence of humans on mobile electronic devices; whether they are cell phones, tablets, laptops; among others. If we think about it; what do we do now when we are on the street and our cell phone discharges? We will probably look for a place to connect our charger to have some battery, either in a café, a restaurant; a store or a public charging point in a square or a shopping center. But we are not aware of imminent dangers; such as juice-jacking.
Many other times we have no choice, because different situations that are out of our control lead us to charge our mobile devices in public places; An example of this can be when people are waiting for a flight at an airport or when they get lost and need to use the map. It is precisely in these situations when we expose ourselves and put our privacy at risk. Therefore; we will see the definition of juice-jacking; how it is carried out; what it is and how we can avoid it.
What is “Juice-Jacking” about?
This is a technique in which cybercriminals alter public-facing devices. In this way they are able to transfer Trojan-like malware to the mobile devices that are connected; and thus run and steal sensitive information from the victim. In this case; USB cable or the charging device’s connection input serves as an access bridge for attackers to steal data; this data is usually related to the victim’s personal life or other types of data such as bank details, phone number; and browser cookies.
Squeezing occurs during the loading process. It gains access to users on their mobile device; taking advantage of the USB or data feed that occurs when charging the device. It then takes advantage of this to illegitimately access the data on your phone and/or inject malicious code into the device.
What happens is basically an invasion of privacy where the victim’s phone is paired with a computer that can be found hidden in the charge sharing site or “kiosk“. In the same way; cyber-crooks can introduce malicious code directly to the connected device; wreaking havoc on it. Professionals claim that devices connected to these infected charging stations can penetrate the device within a minute after the victim plugs it in.
The consequences of these illicit connections appear long before the malicious code is even released, since once the device initiates the linkage with the computer; it can access a large amount of personal data on the device, including the phone book, photos, database, text message; even backing up the device. These “kiosks” or public charge centers; tend to be found in places where people are concentrated, shopping centers, airports, restaurants, squares. Among other related places.
Types of juice-jacking
After knowing the general concept of what the Juice-Jacking is about we can proceed to establish the types that exist; some of them are:
- Data theft: data theft; also known as phishing , occurs through a USB cable. For this case; criminals use trackers that transfer to the connected device and when it enters; it tracks personal and banking information, credit or debit card details, passwords and users, among other things; this information theft happens quickly, in approximately 80 seconds.
- Malware installation: This consists of the installation of Trojan type malware. Criminals install these programs using connection methods that transmit hadware, spyware and other Trojans. When such cybercriminals release the programs on the device, they have the ability to spy on the victim’s data and thus collect sensitive information to transmit back to the cybercriminal.
At first the victim may not realize they have been a victim of data theft, however, over time the victim may notice certain characteristics such as missing money, not being able to access their social networks, among other consequences. How to avoid “Juice-Jacking”?
Tips to prevent juice-jacking
There are good tips online about how we can avoid juice-jacking, a few compilations of these are:
- Keep your devices charged (fully charged): this will reduce the need to have to charge your mobile devices, in the same way, turning on the “power saving” mode of your devices will help the charge level last longer and you won’t have to recharge.
- Carrying a personal charger: avoid borrowing a charger from strangers as much as possible, as this increases the risk of suffering juice-jacking attacks.
- Turn your phone off: in case you need to charge your phone and your only resource is to do it through a kiosk or public charging center, make sure you charge it off, this will help any unknown device not to access your device and thus avoid the theft of your sensitive information.
- Use USB power cables only: Similar to the previous case, in the sense that you need to charge your powered-on device, another option is to enable “charge only” mode so that the device blocks the data transmission option to prevent cybercriminals from accessing your personal data.
- Configure access to applications using a password: You can configure the option on your device to request a password when transferring data, so that when a cyber-crook wants to access your device, it will show you the password entry notification and you will know when they want to access your device without your consent.Avoid USB ports: when you need to charge your mobile device you can choose to charge it using the power adapter, this way you avoid charging it directly through USB ports, which eliminates the risk of illegal access.
Interesting related articles: Attacking and defendings, who wins?