‘Juice-jacking’ – The next big threat to the mobile workforce?

Posted 19 August 2011 13:00 CEST by Justin_Massoud

21st century workers are constantly on the move. They shift and set up in myriad new “offices”; coffee shops, restaurants and hotels are now viable options. No longer are they chained to their desks or homes for deadlines and meetings. And with that change comes new security threats. “Juice-jacking” is one of them.

Brian Krebs discussed how thieves can hijack personal data from smart phones via charging stations at his web security blog, Krebs on Security. The tech expert revealed that hooking up to one of those benign-looking kiosks could compromise any information stored on your device or infect it with malware. The problem presents itself only when using a USB cable to charge your phone, said Krebs. Sticking with a tried-and-true AC adapter sidesteps the threat altogether.

Juice jacking is not far removed from “skimming” – a scam which targets ATM users and lifts their PINs through various underhanded tactics such as hidden cameras or fake keypads that record their finger taps.

At least one company is attempting to educate the public. Krebs spoke with Brian Markus, President of Aries Security, who bemusedly related stories of shocked DefCon Convention attendees who had willingly plugged into the company’s own free charging kiosk only to learn about how potentially dangerous doing so was.

Aries Security provided customers with a warning upon connection: “You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!” Ironically, it’s not far-fetched to imagine thieves misleadingly providing a similar message to mollify fear. Even worse, juice jacking seems simple.

“Anyone who had an inclination to could put a system inside of one of these kiosks that when someone connects their phone can suck down all of the photos and data, or write malware to the device,” said Markus.

Fortunately, some headway was made by the company’s test.

Markus said that one particular guinea pig claimed his boss – after discovering juice-jacking at the annual conference – quickly banned employees from using such public charging stations. However, the sheer number of people who rely on their phones for more than just talking and texting means there are plenty of potential victims for the unscrupulous to prey upon.

If you simply must use a public USB charging station, researchers have found that powering off your device before plugging it in can eliminate the unauthorized access risk on some devices.

Have you ever used a public charging station? Did you already know about the potential threats of doing so? Let us know in the comment section.



rexroach
MyCE Member
Posted on: 19 Aug 11 14:27
use a doctored usb lead with the 2 center data connectors shorted together, your phone will charge faster too
0 Agree

BradWright
MyCE Member
Posted on: 19 Aug 11 15:02
Quote:
Originally Posted by rexroach
use a doctored usb lead with the 2 center data connectors shorted together, your phone will charge faster too
You can also buy a USB charging cable that doesn't have the data connectors.
0 Agree

Blu-rayFreak
MyCE Resident
Posted on: 19 Aug 11 16:48
Quote:
Originally Posted by BradWright
You can also buy a USB charging cable that doesn't have the data connectors.
Didn't know that, coolness.
0 Agree

debro
Blown to smitherines
Posted on: 20 Aug 11 01:43
My android phone & tab have development mode on.
The devices don't mount the drives unless I specifically tell it to. Wake me up when android exploits bypass it.

Laptops might not share the same luxury, but it should be a setting in the os to ignore usb con nections until acknowledged by the user.

Iphones/ipads are usb connection whores, they squeal like a pig to anything which tells them itunes is installed.
0 Agree

olddancer
MyCE Senior Member
Posted on: 20 Aug 11 05:35
Perhaps this will knock a bit of sense into the Net Junkies that just have to be connected to their artifical world 24/7, but I doubt it.
Personally, I will still enjoy my Espresso in a (purposfully) RF shielded Coffee House, having Real conversations with Real people. No WiFi, no Cell Phones, no polystyrene jerks.
0 Agree

tmc8080
MyCE Resident
Posted on: 22 Aug 11 19:18
People will also probably put padlocks on their electrical outlets when plug-in elec hybrids become very popular & prolific. Although you probably could earn juice credits by shopping at Walmart and use their outlets for free with a minimum purchase.. one day when the car compnaies get their heads out of the oil companies' ass.
0 Agree

Seán
Senior Administrator & Reviewer
Posted on: 22 Aug 11 19:54
These are my suggestions to avoid being short on power:

1. Spare battery (unless you're an iPhone owner.) The batteries in most phones now are very thin and may even fit in a wallet. The big advantage here is that the battery can be swapped over without waiting around for the phone to partially charge. The catch is remembering to charge both batteries later.

2. Portable charger. The one I have (Veho pebble) is about the size of a 2.5" USB HDD and fully recharges my Nokia 5800 phone 3 to 4 times from empty. The advantage with this is that it can charge other handheld items such as GPS, MiFi dongle, etc. and charges a lot faster than a USB charger. It also saves carrying a separate mains charger, as it can plug into a laptop's USB port to charge, e.g. while the laptop itself is also plugged in to charge up.

3. USB charger for those who regularly carry a laptop everywhere. As a few mentioned, you can pick up a USB charger for a few quid (€2 here in discount shops), which only connect the 5v power and charge the phone from your laptop. So while checking your e-mail at the coffee shop, your phone could be charging up from your laptop/netbook.
0 Agree

cfid
New Member
Posted on: 18 Dec 13 22:25
MyKey Technology (mykeytech dot com) has a cable

specifically designed to prevent Juice Jacking. Each and

every cable is tested and they are simple, easy and just

works. and only $8.00.
0 Agree

Reactions closed

Sorry, you can't comment on this item anymore. It's either too old or comments are disabled for this post.

Myce.com settings

Several settings at Myce.com can be changed, they are stored in cookies, which means they will be reset if you clear Myce.com cookies

Background

Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here

Layout

Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page

×