Can my mobile be hacked when charging with a USB Charging Cable? The answer is, emphatically, yes – Destiny Young, Cybersecurity Expert
In today’s digital world, staying connected has never been more important. With smartphones, tablets and laptops becoming an essential part of our daily lives, we are constantly looking for ways to keep them charged up. Public USB charging ports seem to be an easy solution when we’re away from home or work, but the question is, are they really safe?
The answer is not a straightforward one. Unfortunately, cybercriminals have found ways to steal sensitive data via public USB charging ports, a process that is being referred to as ‘Juice Jacking’. In this blog post, we will discuss what Juice Jacking is, what can happen to your device if it’s targeted and ways to avoid falling victim to it.
When you connect your device to a fast charger with a USB cable, there is a negotiation between the two, establishing the most powerful charge the device can safely handle. This negotiation is managed between the firmware on the device and the firmware on the charger and assumes both will play nicely with one another.
Because the fast charger is essentially a smart device in its own right, it is open to a malicious compromise. An attack is very simple. With malware loaded onto a smartphone, an attacker connects to the charger, overwriting its firmware and essentially arming it as a weapon for whatever plugs in to it next.
What is Juice Jacking?
Juice Jacking is a type of cyber attack that occurs when you plug your device into a public USB charging port that has been tampered with. It usually results in your data being stolen or malware being installed on your mobile or laptop. These types of ports are commonly found in airports, coffee shops and shopping centres, as well as on public transport.
While public charging stations weren’t designed with malicious intent, unfortunately, hackers have identified ways to modify them for their own gain. Even the FBI is warning people not to use them: “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.”
What’s the purpose of Juice Jacking?
Once they have access to your device, the hacker will likely do one of two things:
1. They’ll access your personal data and steal photos, passwords and financial information.
2. They’ll install malware that allows them to monitor your online activity and even control your device remotely.
In most cases, it won’t be immediately obvious that your device has been compromised, with the most common signs being overheating, the battery dying more quickly or changes to your settings.
How Juice Jacking works
Juice jacking is carried out in one of two ways: the attacker creates a fake charging station or they tamper with a legitimate one. In regards to the former, the attacker essentially sets up their own malicious station which contains a hidden computer rather than a charger, allowing them to connect to and access your device. In terms of the latter, the attacker will tamper with the existing cable, installing a small computer chip that can intercept and steal data from your mobile or laptop.
How about just charging the device with a friend’s USB cable?
Malicious programs (mobile devices and computer viruses) are written programming codes. Just like Computer programmers write codes that are then embedded into electronic devices, enabling the device to respond to commands.
Some bad actors are highly skilled programmers.
Electronic devices understand human interaction with them via embedded programming code.
USB Charging cables are made of wires that have electrons. The electrons travel along wire like a bus travels along the road.
Here, the programmer sends a set of computer instructions, in this case, a payload. The payload is then transferred to your mobile device via the USB cable as the medium of transmission. When it reaches its destination (the mobile phone), the programmer can remotely send a command to install it on your device in stealth (hidden) mode, without your notice.
Once the virus has taken over your device, it fights for memory power to do the work it was sent, hence the competing processing combat, leading to your device overheating.
What exactly is the reason the device heats up?
The malicious actor is at a remote location performing actions on your phone (checking for financial information, taking photos of you using the phone camera, reading your messages, and possibly, downloading your stored photos, while you are at your end dancing on TikTok, reading gossip on Facebook and previewing Instagram photos and probably, watching Netflix movie. All these simultaneous requests impact your device processor, making it affect your battery power.
Ways to avoid falling victim to Juice Jacking
The best way to avoid falling victim to Juice Jacking is to avoid using public USB charging ports altogether. However, if you must use a public USB charging port, there are a few things you can do to reduce the risk:
• Use your own charging cable: Rather than using the USB cable provided with the charging port, which may have been tampered with, use your own.
• Use a USB data blocker: A USB data blocker is a small device that blocks the data transfer between your device and the charging port, giving you peace of mind that your information is safe.
• Invest in software security measures: If you do charge your device using a public USB port, make sure it’s locked. This will stop your phone or tablet from pairing with a potentially connected device on the other end of the port. You could also turn the device off completely before charging.
Two other options include:
• Use a portable charger: Portable chargers have come a long way in terms of their battery power, so if poor performance has stopped you from using one before, now may be a good time to consider investing in one.
• Use a wall charger: If there’s one available, you could also use a wall charger instead of a public USB charging port. Wall chargers are generally safer than public charging ports because they can’t easily be tampered with without having to dismantle the socket.
Final thoughts
Juice Jacking is a real threat that can compromise the security of your device and your personal data. While it’s best to avoid using them altogether, if you can’t, it’s essential to be cautious and take necessary precautions to protect your device.
