Being caught out in public with a dead phone battery can be a hassle. Thankfully, some public places (such as airports) have set up charging stations which allow you to give juice to your dying device. Just plug in your charger cable, attach your phone, and you’ll be charging in no time. Convenient, right?
Unfortunately, while convenient for you, it’s also convenient for people with malicious intentions! These charging stations can be compromised in a way that accesses your phone without your permission. From here, it can either transfer malware onto the phone or steal data from it. This is the case of “juice jacking,” and it’s a problem that will keep you from always trusting public charging stations when you see them.
How Does It Work?
If you’ve ever plugged your phone into a computer using a USB cable, you’ll notice it does two things. First, it’ll charge the battery as if you plugged it into a power outlet. Second, you’ll notice that the phone can share files and folders with the computer. The USB cable, in this scenario, works in two ways, both as a charger and a way to transfer data. This is what makes USB cables particularly attractive, as it can do two jobs at the same time.
When you’re using a legitimate charging station via USB, you’re only using the first feature of USB cables – the charging. However, someone with malicious intent can make additions to the charging station in a way that uses the second feature – the data transfer. They use this untapped potential to either put malicious code onto your phone or drag data off of it. People plug in their phones thinking they’ll only get a battery charge when in reality they’re receiving far worse!
Dodging a Juice Jacking Attack
So now you know what juice jacking is and where it can lurk. Now for the important bit: how do you stop a juice jacking attack from hitting your phone?
Don’t Use Public Chargers
As with most malicious attacks, the absolute best protection you can use is a sense of caution. Never use a charging station that requires a USB connection to charge. If you want to charge your phone on the go, simply use an AC adapter and plug it into a power socket when you find one. Juice jacking can’t work through a power socket, so you’ll have nothing to fear!
If you end up using a public charging station via USB and the phone asks if you want to mount the drive, never do so! Doing so will open up your device for data transfers by the station. Make sure your device doesn’t automatically mount itself when plugged in via USB, either.
Charge-Only USB Cables
If you really have to use a USB charging station while on the fly, you can use a USB charge-only cable instead. These cables cut out the USB’s ability to transfer data over USB, so any malicious code within charging stations can’t get at your phone. You’ll receive all the benefits of a public charger without any of the risks that are involved alongside it. A good example of a charge-only cable is the PortaPow.
USB Converter
You can also get small devices that convert regular USB cables into charge-only ones which have the crude nickname of “USB condom.” The idea is that you plug this into the port, then plug your USB cable into the device itself. The device prevents data from being transferred, so you can charge your phone without having to worry. A good example of such a device is the SyncStop. There’s even a guide on how to make your own!
Personal Chargers
If you want to take matters into your own hands, you can carry around a personal charger or portable battery. When you’re running out of charge, simply plug your phone into one of these and you’ll be back in action in no time. It also comes with the added benefit of not having to frantically hunt for a power point as your phone slowly dies on you!
Juiced Up
With the convenience of being able to use charging stations, there also comes the convenience of manipulating it to steal data or transfer malware to connected devices. Stay away from public charging stations, use a power outlet, get a USB charge-only cable or device, or simply carry around your own charging methods to stop yourself from becoming a target.
Did you trust public charging stations in the past? If so, do you now? Let us know below in the comments.
Simon Batt is a Computer Science graduate with a passion for cybersecurity.
Our latest tutorials delivered straight to your inbox
