Is your mobile phone running out of juice? Need a quick charge? Ah, there is a public charging station! Wait, is it safe? May not be, says SBI. Beware, you can be a victim of Juice Jacking.
One of India’s largest and premier government controlled banking institution, the State Bank of India has publicly issued a warning of ‘Juice Jacking’ through its twitter handle. In a country like India where digital economy is still in its nascent stage, this social and digital awareness campaign is welcomed by many. The bank in its tweet advised its customers and general public to “think twice before plugging-in their phone at (pubic) charging stations, as hackers can maliciously infect their smartphone with a malware.”
What is Juice Jacking?
In simple words, Juice Jacking is an attack carried out by hackers through a USB charging cable. When a user plugs in the charging cable in his mobile’s charging port, and connects it to any of the rigged charging stations installed at public spaces such as airports, train stations, hotels, cafes etc – it gives a back-door entry to hackers into the compromised device. The charging port which is also used for data transfer over the USB, is pointed as the main cause of concern over here. Installing malware, cleaning user data, asking ransom in exchange for access to personal data on the phone, personal and financial account hijacking are just some of the many nefarious things that a hacker can do with this unrestricted access.
Steps to Mitigate the Risks
In order to guard your phone against Juice Jacking, take these precautionary measures:
- Avoid using public charging stations. These are soft targets for hackers as they are often kept unguarded and without any surveillance. Even while using them, go behind the charging station and check the power source of the USB ports.
- Always use your own AC charging adapter and cable for charging the device. And be sure to plug it into the AC wall socket, and not the USB socket on the wall.
- Stay guarded against a stranger’s device and laptop. Do not connect with an unknown person’s laptop or PC for charging your electronic devices and vice-versa.
- For emergency situations, buy and carry a certified power bank with enough capacity to take care of your device’s emergency power backup needs.
- It may be difficult to find, but try to use a cable that can be used only as a charging cable and not a data cable. This can be a task as almost all mobile devices come with a charger that is capable of charging as well as data transfer.
- Frequent travelers should use a USB blocker. It is a small device that blocks the data connection on the USB cable by blocking its data pins.
In a similar warning earlier, the Los Angeles District Attorney urged travelers to avoid public USB power charging stations in hotels, airports, and other public locations. The Attorney’s warning described many attack vectors that cybercriminals use to abuse USB wall chargers. And the most common way is via “pluggable” USB wall chargers that can be plugged into an AC socket by attackers to leave malware at public charging stations.