Juice Jacking/ USB Charger Scam – Dangers of public charging stations...by Gurjot Singh Kaler

Chandigarh: In today’s fast-changing digital and technological landscape, cyber criminals are constantly developing new ways and means to dupe gullible netizens. A latest addition to the emerging cases of cyber-crime is juice jacking. Beware of this scam as it can empty your bank accounts.

The cyber scammers are resorting to juice jacking to target their victims, especially the travellers. Although the term "juice jacking" might sound like something from a sci-fi film, it's a genuine, though uncommon, threat for smartphone users around the globe.

This unique tactic allows hackers to access your device via public Universal Serial Bus (USB) charging ports and steal sensitive data. While the likelihood of falling victim is currently low, it remains an increasing security concern which needs to be discussed and deliberated upon before it is too late.

The term, “juice jacking” was first coined in 2011 by investigative journalist Brian Krebs to describe the scenario of a potential data theft when the victim plugs their devices for charging into an infected public charging kiosk. The phrase "juice jacking" cleverly merges the slang "juice," referring to electrical power, with "hijacking," which signifies the unauthorized control or access to a device.

The U.S. Federal Communications Commission (FCC) has also recently issued an advisory to warn people about this latest cyber attack called juice jacking which the criminals are deploying to target such travellers who are interested in charging their smartphones at bus stations, railway platforms, hotels, airports, hospitals, shopping malls or any other public places.

Criminals tamper with public charging stations by installing a "skimming device"—similar to a hidden microphone, but for data. This device is concealed within the USB port, unnoticed by users. Once a device isconnected, the skimmer goes to work, either stealing data or secretly installing malware, acting like a covert spy on your device.

USB ports consist of several pins, with only one dedicated to charging and the remaining pins utilized for data transfer. Juice jacking, also known as the USB charger scam, takes advantage of the dual-purpose nature of smartphone USB ports, which handle both charging and data transfer.

By connecting your device to a public charging station which has been compromised by the hackers, you may inadvertently allow them access to your phone.

Thus, by tampering with a USB port or cable, these cyber criminals can compromise a user’s device which could result in the installation of malicious software, theft of sensitive data like passwords, or even full remote control of your device.

The malicious malware which has infected the victim’s phone can also spread to other connected devices in the network like laptops, computers, tablets, etc. Juice jacking doesn’t just involve the theft of your data; it can also lead to hidden malware being installed on your device which remains present even after you have stopped charging on the infected USB port and it can continue to give remote access of your device to the hacker.

This malicious software can collect sensitive information, including your GPS location, browsing and purchase history, social media activity, photos, call records, email records, bank account information and run unauthorized commands. Juice jacking can cause financial loss to the victims if the hacker manages to steal the victim’s credit card numbers and makes unauthorized purchases for which the victim ends up paying. Juice jacking can also harm a victim’s reputation.

If hackers gain access to personal information, they can impersonate the individual, sending phishing or spam emails in their name which can damage their credibility.

Although iPhones often receive the most attention in discussions about juice jacking, any smartphone, including Android devices, can fall victim to this threat. Moreover, other gadgets that connect to charging stations, such as tablets and smartwatches, are equally at risk.

The vulnerability lies not in the specific device but in its use of a USB connection, which can be compromised by cybercriminals to introduce malware.

Recognizing if you've been a victim of juice jacking can be challenging. Your device may show unusual behavior like slower performance, excessive battery drain, or frequent crashes. Other warning signs include unfamiliar apps appearing or a delay in loading tasks. Keep an eye out for these red flags, as they could indicate your device has been compromised.

Steps to follow if you are a victim of juice jacking:

If you suspect you've fallen victim to juice jacking, take immediate action of stop using the device and disconnect it from the network and other connected devices to prevent unauthorized data transmission.

First, unplug your device to stop any data transfer or malware installation. Power it off to prevent malware from spreading further. Once possible, restart the device and run an updated antivirus scan to detect and remove any threats.

Change all passwords, especially for sensitive accounts, and monitor for unauthorized activity. Contact your bank or credit card companies if financial information might be compromised. If necessary, perform a factory reset to remove malware, ensuring important data is backed up securely. Lastly, update your device’s operating system and apps to patch any vulnerabilities.

Tips to avoid becoming the victim of juice jacking:

1) Steer clear of public USB charging spots in places like airports, hotels, and shopping centers, as they can be compromised by cybercriminals who install malware or spyware. Instead, it's safer to use your own USB cable wire and charger and plug into a standard electrical outlet for charging.

2) It’s recommended to use personal chargers connected to regular power outlets, carry portable power banks, or utilize data blockers to ensure that USB connections are restricted solely to power transfer. Ensure that your portable charger is fully charged up before leaving the home and you have the right wires or cords for your devices. Juice jacking attacks occur exclusively through USB charging ports, not standard electrical outlets. If you must charge your phone in a public space, you can eliminate the risk of compromised cables and ports by opting to use a traditional power socket instead.

3) Opt for a USB cable designed without a data wire. Standard USB cables contain separate wires for power and data, and juice jacking occurs through the data wire. By using a cable that lacks this data connection, you can block such attacks. However, in situations where data transfer is required, such as syncing your device to the cloud, you’ll still need a regular USB cable. This approach requires managing multiple cables and being mindful of which ones support data transfer.

4) Consider using a data blocker for added security. By connecting a data blocker to the charging station and then attaching your USB cable to it, you establish a protective barrier between your device and the public port. This device disables the data pins in your USB cable, preventing any data transmission while still allowing power to flow. Like cables without data wires, this setup stops malware or data from being transferred, effectively mitigating the risk of juice jacking.

5) It is advisable to opt for some of the newer smartphones in the market which are providing an upgraded lockdown mode as an effective safeguard against juice jacking. The lockdown feature fully disables data transfer through USB ports while still allowing charging, ensuring that you can safely recharge your device in public spaces without the risk of exposing your personal information.

6) Be cautious if you receive a prompt asking whether to "trust the computer" or to allow "data sharing" when connecting your device to a public charger; disconnect immediately. Certain smartphones are equipped with features that detect data transmission attempts. Receiving such a message suggests that something is wrong, and it may indicate that juice jacking is occurring. Secure or lock your electronic device and never pair it with any unknown device. Try to switch off your phone while you are charging it. Keep the security features of your phone enabled to add an extra layer of protection such as facial recognition, passcodes, fingerprints, etc.

7) Keep the software of your phone and electronic devices fully updated so that these are working on the latest operating systems and you remain protected against any security vulnerabilities. Also, ensure to install trusted and authentic anti-malware or virus detection software in your phones to have a higher degree of security against any kind of malicious malware attacks.

8) Whenever you use public Wi-Fi, make sure to use a trusted Virtual Private Networks (VPN) service so that the hackers are not able to steal your sensitive data through Man-in-the-Middle attack. Also, stay vigilant about phishing and other scams which are commonly used by the cyber criminals to steal the data of unsuspecting victims.

9) Enable the USB Restricted Mode on your devices as a security measure against any potential data breaches or malware infection before charging at any public USB ports. If possible, try to use wireless charging at public places as it has zero risk of infecting your phone vis-à-vis USB port charging. Avoid using your phone while it charges at a public station.

Unlocking it during the charging process can expose your device to potential security breaches or unauthorized access. If your phone allows it, disable data transfer during USB charging by adjusting the settings.

Additionally, consider investing in a portable charger that features a built-in data blocker, which ensures that only power is supplied, preventing any data exchange between your device and the charging source.

Juice jack defenders like USB data blockers, charging cables with built-in data blockers, and power banks with built-in data blockers can prove to be useful in preventing becoming a victim of these rising cyber scams.

10) Keep a close watch on the transaction history of your bank account and regularly scrutinize the bank account statement for any type of suspicious activity which must be immediately reported to the banking authorities as well as the police for necessary investigation. Apart from the above precautions, if you find yourself to be a victim of cyber-crime in India, then, immediately report it on www.cybercrime.gov.in, the National Cyber Crime Reporting Portal or call 1930 which is the national cybercrime helpline number.

Juice jacking poses a genuine risk, but you can greatly mitigate this threat by implementing these straightforward measures. Staying educated and taking proactive steps are essential to protect your finances and secure your personal identity. Stay Charged. Stay Safe

September 20, 2024