Public charging stations for your mobile devices could be hazardous

Public charging stations for your mobile devices could be hazardous

img-blog-girl-with-laptop

Do you give it a second thought before you plug your mobile device into a public charging station? Here are some things you need to know before charging on the go.

So, you’re running low on battery and need a quick charge on your phone, tablet or laptop. Forget the risk of plugging in at a public changing station and you may be sorry!!! They are easy targets for hackers to install malware and steal data from anyone who uses them.

Sure, it’s common to see free USB charging stations in popular areas, from libraries, airports, malls to hospital waiting rooms, coffee shops, fast food restaurants, etc. While it seems convenient, you could be putting your important, private data at risk of being stolen, even your company’s. This process is known as juice jacking. It allows bad actors to not only read your data, but also export it, including your passwords. They can lock your mobile devices as well, making it useless. 😲

How would cybercriminals use juice jacking to steal your data?

Juice jacking, although not necessarily a well-known cybersecurity threat, is a method hackers could use to install malware or potentially transfer data when plugging your mobile device into a charging station in as little as a 60-second power-up. Today, most devices request permission before data transfers are initiated; hence transferring data is a potential threat versus a real threat.

Malware and data theft

When data is stolen, most of the time it’s usually photos and contacts only. However, with juice jacking, victims could easily be targeted if they are specifically known to possess valuable information. On the other hand, malware is a potential threat to anyone using a charging station. The jack could be programmed to inject a keylogger that records the user’s passwords. It could also be used to track the phone’s location, record calls or lock out the user entirely.

How juice jacking became a thing

The concept of juice jacking was first demonstrated in 2011 at DEF CON, an annual security conference where many of the attendees are ethical hackers. At this conference, free charging stations were setup where 360+ people plugged in their phone. In doing so, a message appeared on the screen in the kiosk that read, “You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!”

Juice jacking is a real threat

As stated earlier, juice jacking is not necessarily a well-known cyber security threat. It has, however, been shown to work by cybersecurity researchers

That said, once an attack like this one has been theoretically proven, eventually the technique can and most likely will be used. You never know when the hypothetical could turn into reality. Don’t take any chances. Avoid the potential of infecting your mobile device at public charging stations while using alternative methods to protect yourself.

How to avoid juice jacking and malware while charging your phone in public places

The threat of charging stations at random is well known, which is one of the reasons a warning message appears on mobile devices before a data transfer is initiated. The best steps to avoid being hacked at any public charging station are as follows:

  • Don’t use public USB power charging stations
  • Be careful who you allow to use your phone
  • Do not use any charging cables and power banks that seem to be left behind
  • Use electrical outlets with your own charging cable
  • Use a portable battery power bank (yours, not someone else’s) or spare batteries
  • If you use a public charging station, be sure your phone is locked with a PIN when charging
  • Use a charge-only cable so that only the transfer of power, not data, is possible, or
  • Use a USB data-blocker device to prevent data transfer

Final thoughts

An abundance of data is stored on our mobile devices at any given time and protecting it and our privacy is essential. While juice jacking may not be at the top of the list insofar as a cyberthreat, it is worth being aware that your personal information is at stake. Equally troublesome are the threats of malware that can be loaded on our mobile devices. The next time you’re in a hurry for a quick charge, remember the steps above. Lastly, help others and share this information with your family, friends and organization.

In Conclusion

If you are a business and want help with cybersecurity solutions for your SMB company, we can help meet your company's unique demands. Connect with a Client Success Manager to schedule a time to discuss your needs and how we can meet them.