April 18, 2023
We’ve all had the “low battery panic attack” when our phone’s battery is at 4%. Wide-eyed and wildly scanning the area for a charging port. You spot one, shimmying your way through the crowd, and get to a charging station just in time. Phew, that was close; time to congratulate yourself. Er, not so fast. You may have just fallen for a scam called juice jacking.
Juice Jacking refers to cybercriminals hacking into phones to steal data or infect them with malware by hiding skimming devices inside public USB ports and charging cables. The installed malware gains access to your device as soon as you plug it in and can lock you out or export personal data and passwords.
Recently the U.S. government has warned of the dangers of using public, free cellphone charging stations, such as at airports, hotels, and shopping centers. The FCC put out a statement, and local branches of the FBI are also expressing concern.
Whether you have an iPhone or an Android device, smartphones have one thing in common: the power supply and the data stream pass through the same cable. When your phone connects to another device, it pairs to that device and establishes a trusted relationship, meaning the devices can share information. So, during the charging process, the USB cord opens a pathway into your device that a cybercriminal may be able to exploit.
On most phones, the data transfer is disabled by default and the connection is only visible on the end that provides the power. For instance, when you plug your phone into your computer, a message on the computer may ask whether to trust the device. In the case of juice jacking, the device owner won’t see what the USB port connects to.
While juice jacking is not new, it’s becoming more prevalent. Next time you’re in public and your phone battery is dwindling down don’t freak out! We have several ways to avoid getting juice jacked:
Call or email Cocha. We can help with your cybersecurity needs!