21st century workers are constantly on the move. They shift and set up in myriad new “offices”; coffee shops, restaurants and hotels are now viable options. No longer are they chained to their desks or homes for deadlines and meetings. And with that change comes new security threats. “Juice-jacking” is one of them.
Brian Krebs discussed how thieves can hijack personal data from smart phones via charging stations at his web security blog, Krebs on Security. The tech expert revealed that hooking up to one of those benign-looking kiosks could compromise any information stored on your device or infect it with malware. The problem presents itself only when using a USB cable to charge your phone, said Krebs. Sticking with a tried-and-true AC adapter sidesteps the threat altogether.
Juice jacking is not far removed from “skimming” – a scam which targets ATM users and lifts their PINs through various underhanded tactics such as hidden cameras or fake keypads that record their finger taps.
At least one company is attempting to educate the public. Krebs spoke with Brian Markus, President of Aries Security, who bemusedly related stories of shocked DefCon Convention attendees who had willingly plugged into the company’s own free charging kiosk only to learn about how potentially dangerous doing so was.
Aries Security provided customers with a warning upon connection: “You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!” Ironically, it’s not far-fetched to imagine thieves misleadingly providing a similar message to mollify fear. Even worse, juice jacking seems simple.
“Anyone who had an inclination to could put a system inside of one of these kiosks that when someone connects their phone can suck down all of the photos and data, or write malware to the device,” said Markus.
Fortunately, some headway was made by the company’s test.
Markus said that one particular guinea pig claimed his boss – after discovering juice-jacking at the annual conference – quickly banned employees from using such public charging stations. However, the sheer number of people who rely on their phones for more than just talking and texting means there are plenty of potential victims for the unscrupulous to prey upon.
If you simply must use a public USB charging station, researchers have found that powering off your device before plugging it in can eliminate the unauthorized access risk on some devices.
Have you ever used a public charging station? Did you already know about the potential threats of doing so? Let us know in the comment section.