Why You Should Think Twice Before Using a Public USB Charging Station

What is juice jacking, and how did it start? Juice jacking is a form of cyber attack where cyber-criminals manipulate public USB charging stations by infiltrating them with malware. When a user connects their device to the port, their device will automatically become infected. This allows the hacker to steal sensitive data and other information on the device.  Juice jacking has its origins as an experiment back in 2011, when two security researchers who were attending a security conference put up a stand with free USB charging ports. They wanted to see how many security folks would use the free ports, even without knowing who had created them.  To their disappointment, over 300 people made the mistake of using the ports over the three-day event. While these ports were not infected with malware, the point is that they could have been - and too many individuals used them without thinking about the potential consequences! 

What happens if my phone is juice jacked?There are two threats that arise from juice jacking:

Data theftA criminal could load a type of crawler malware on your device, which will hunt through your applications and software for precious data. It will then share this data back with the cybercriminal, who can use it for fraud, social engineering or even sell it on the dark web.

Malware installationA criminal could also choose to poison the USB charging stand with ransomware or another malicious type of software, like adware, crypto miners, spyware, or Trojans. Crypto miners work by scanning your phone for cryptocurrency, which drains your battery life. Ransomware encrypts the data on your device until you pay a ransom, while spyware monitors your communications for a given period of time. Trojans are a form of virus that stealthily deliver attacks to your device. 

How common is juice jacking? Because juice jacking is relatively new, there’s not much research out there about how common it is. However, it’s definitely better to be safe than sorry.   Don’t let your phone’s low battery get the better of you! Here’s how to protect yourself from juice jacking. 

Avoid public charging stations or portable wall chargersThe easiest way to prevent this attack is to avoid using public charging stations. If you notice your phone battery running low while you’re out and there’s no alternative, you can put it on airplane mode to conserve battery until you’re home. 

Use a wall outlet insteadIf your phone’s battery life isn’t great, then you may get caught out while out and about - and will need to charge it. Rather than use a public charging station, though, consider bringing your charger with you and instead plug it into a wall outlet at a coffee shop or restaurant. This is generally much safer than a public charging station. 

Bring a charger out with you! Portable chargers are always handy to have - especially if you travel a lot! We suggest investing in one instead of risking the threats associated with juice jacking. 

How can I stop my employees from falling victim to juice jacking?In the case of juice jacking, awareness is power. We advise that you share this blog with your employees and let them know about the threat of juice jacking. This is particularly important if your people travel for work - as public USB charging stations are most commonly found at train stations and airports!  You could even incorporate juice jacking into your broader security awareness program. After all, this threat is just one of the many out there that your employees need to watch out for. There are also threats like phishing and malicious advertising, which your employees should be aware of.

Keep Your Business Protected With Help From Texas I.T. ProsIf you need assistance with improving your business’ security, or setting up a security awareness program for your employees, get in touch with us.  Texas I.T. Pros can help your Denton or Wise County business to improve your cybersecurity posture.  Reach out to us if your Denton or Wise County business is having difficulty with cybersecurity. Call 940-239-6500 or reach out online.