True Stories About Juice Jacking
A true story
“I use my smartphone to store everything - from passwords and bank details to meeting locations and client details. I even make private notes on my smartphone so that I always have access to them. My phone is my personal computer,” says Mickey R, a head hunter at a renowned multinational company. He goes on to admit, “although I make it a point to carry my phone charger, there have been several instances when my phone ran out of juice, and I plugged it into the nearest charging booth.” When asked if he thought that public charging booths were safe, this is what he said: “Of course they are safe - what could go wrong? I always charge my phone at the kiosk at the airport – it saves me time, and I don’t have to rummage through my baggage for my charger. I think public charging booths are safe and handy.”
This is a common enough situation. Most of us have a strong bond with our smartphones as they serve as our diaries or personal computers. We believe that as long as our smartphone is in our possession, our data is safe. Most of us do not hesitate to use public charging booths to charge our smartphones.
Mickey R was fortunate to have not lost his data despite using public charging kiosks. But let’s look at the story of Walter Scott – An architect who often charged his phone at the coffee shop he visited every day. “A few days ago, my phone shut down when I was charging it at the coffee shop – I remember. I didn’t think anything about it at the time. Later that same day, I realised my emails were being opened before I opened them and I was positive something was amiss when I received an SMS that money had been debited from my bank accounts.”
Unfortunately, every time we charge our smartphone at a kiosk, we risk losing our most private information to hackers. Perhaps it has already happened to you?
Is this threat real?
Using untrusted USB charging ports to charge a smart device can compromise all your private information.
Researchers at Ben-Gurion University, Israel, have confirmed 29 ways to hack into a smart device via a simple USB port. These hacks fall into four categories:
- A USB device’s internal microcontroller can be reprogrammed to carry out the operations of a keyboard.
- A USB device’s firmware is reprogrammed to download malware and for data exfiltration.
- Flaws in a USB device’s operating system are leveraged to change the way they normally interact with USB protocols and standards.
- USB-based electrical attacks.
So, the next time you think of charging your smartphone at a public kiosk, think again. Is it worth the risk? Are you willing to compromise your data?
The risk is as real as the threat. Are there ways to counteract this threat?