Imagine finding a handy public charging station at the airport just as your phone’s battery is about to run out. You know you’ve inserted your device there, but did you also know that doing so exposes your personal data? In a Nationwide study, 45% of participants said they had never heard of the juice jacking fraud. When charging your gadgets via public USB ports, exercise caution! Juice jacking is a scam when malicious software is installed on public charging outlets by cybercriminals. When you need to charge your phone or other portable gadgets, it’s something to keep in mind.
Rupesh Mittal, a cyber security specialist, warns against juice jacking, a sort of cyber assault in which a public USB charging port is used to steal data or install malware on a device. “When you plug your phone into a USB port, it may transfer both power and data. If it is capable of transferring data, it has the potential to steal your personal information and install malware on your device. A standard USB port consists of five pins, one for charging and two for data transfer. Any device that charges and transfers data via a USB port, including smart phones and tablets, is vulnerable to juice jacking. Alternatively, you can use USB data blockers, which are small devices that prevent data transfer from the USB cable and only allow electricity to get through.” According to him, juice jacking can result in data theft, device slowing, unauthorised access to personal information, and greater vulnerability to other malware attacks. “The risks extend beyond just your device, as attackers can also gain access to your online accounts and sensitive information, such as passwords and credit card numbers.” He explains that individuals can defend themselves against juice jacking by avoiding public charging outlets. Enable and utilise their device’s software security features. Use a power outlet, a USB battery, or a backup battery. Use a USB pass-through device.
Although there might not be regulations specifically against juice jacking, general rules against cybercrime and data privacy would still be in effect. According to him, the Reserve Bank of India, for instance, has warned of the possible fraud dangers associated with juice jacking. Nevertheless, the enforcement of these laws can be problematic since it can be difficult to track down cybercriminals and because these crimes are frequently committed internationally. Section 66 read in conjunction with Section 43 of the Information Technology Act of 2000 would be implemented, carrying a penalty of up to three years in prison, a fine of up to five lakh rupees, or both. He says people should stop using the device right away and unplug it from any networks if they think they have been the victim of juice jacking. For more advice, they ought to speak with a cyber security expert or the maker of their gadget.
“Juice jacking, an outdated method of data extraction, was prevalent during the era of widespread pen drive usage,” adds Praveen, another cyber security specialist from Hyderabad. “In the past, offenders would purposefully leave pen drives loaded with malware in public places. Then, gullible people would attach these pen drives to their PCs, unwittingly permitting data extraction. This presented a serious risk since the malware might jeopardise network security, especially on devices used for business and office use.”
Types of juice jacking attacks
Data theft: During data theft juice jacking assaults, users are unaware that their sensitive information has been stolen. Large amounts of data may be compromised if a device remains hooked into a compromised cable or port over an extended period of time. Given enough time and storage space, attackers may be able to create a complete backup of a device’s data.
Malware installation: When malware installation juice jacking attacks occur, malware loaded on the device may inflict a tremendous deal of damage, including manipulation of a phone or computer, spying on a person, locking the user out of the device or stealing information.
Multi-device attack: In addition to hurting the device plugged into a corrupted charger, a device charged by infected cords may infect additional cables and ports with the same malware, making it an unwitting carrier of the virus.
Disable attack: Some malware sent via a charging device can lock owners out of their devices, giving attackers complete control.
Although preventative steps have reduced the frequency of such events, modern juice jacking now primarily targets public USB charging outlets. While a result, there is a risk of data extraction from mobile devices, particularly those running the Android platform, while Apple devices are more resistant to such breaches. If a mobile phone exhibits strange activity, such as the sudden activation of programs or websites, it could be a security risk. Addressing these challenges requires technological knowledge. In the present day, installing antivirus and anti-malware software on phones provides a strong defense against data breaches, particularly in the case of iPhones. Scams aimed at people with low technological understanding, while rare, do exist. For example, someone may try to get unauthorised access to a spouse’s phone. High-level security breaches are uncommon, but not impossible. It is crucial to remember that these sorts of fraud are not common at this moment.
Users can prevent juice jacking assaults by purchasing a protective accessory known as a ‘USB condom’. It is a device that plugs into a charging cord and sits between the device and a public USB charging station. It works by preventing connections to all but one pin in the USB male connection: the pin that delivers power. It stops the data transfer pins from connecting while the device continues to charge.
Murali Talasila, IIIT Hyderabad Chief Mentor and a cyber security YouTuber, argues that phones are common targets for data theft since they automatically accept incoming internet connections. To avoid this, always carry a charger. Many individuals carry extra power packs, which is an excellent idea. If you’re tech-savvy, you can use a cable that just transfers electricity, not data. These cables are widely available in the marketplace. Disable settings in your USB connections as soon as a prompt appears, or set the default to simply allow charging and not data transfer. He continues, “If you’re in a public place with a USB port, don’t use it. You can’t see what’s behind the USB port, so don’t assume it’s secure. If you have your charger, you can connect it to an AC outlet, which is 220 volts in our nation. This is rather safe because the charging equipment prevents any data connection through your phone. Most feature phones do not charge over USB and lack the processing power required to transfer data. Non-smartphones and other electronic gadgets, such as laptops, now support USB charging. Airplane ports are not USB-based; rather, they are traditional and supply little power. In principle, they could be used to attack a laptop, but most people carry their laptop chargers.”
