Juice Jacking: What It Is, How It Works, and How to Avoid It
The U.S. Federal Communications Commission (FCC) issued a new advisory about “juice jacking” and how it can be used to carry out a silent cyberattack against your mobile device while you’re charging it with a USB cord. The FBI is also warning of the risk.
“Avoid using free charging stations in airports, hotels, or shopping centers,” the FBI’s Denver office tweeted. “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.”
Let’s take a closer look at what juice jacking is and how you can protect yourself and your family, or your employees, as they travel. All our devices want “juice,” but we want to avoid having our data hijacked as a result.
BlackBerry is unaware of this attack method being widely used and we hope to keep it that way by sharing this information.
The Technology Behind Juice Jacking Attacks
BlackBerry has long been known for mobile device security, so we asked BlackBerry Senior Director of Cyber Threat Intelligence Dmitry Bestuzhev for details on this type of attack, and how it might be perpetrated via a public charging station.
“When it comes to charging stations, theoretically, there’s no need for any computers behind them. A power supplier provides electricity and allows you to connect devices for charging. However, when we speak about malicious activity surrounding charging stations, there is some sort of computer or smart device behind these stations, and there’s a computer or smart device connected to those USB charging cables to provide electricity and access data.”
How Juice Jacking Works
Next, Bestuzhev explained how juice jacking works.
“Imagine using a phone for charging. You use the same cable for synchronizing data on your phone with a computer, such as photos, videos, and other information. The same port or cable is used for both data and electricity. When someone connects a device to a rogue malicious station, technically what may happen is the threat actor behind the station might provide electricity and enable data transmission between the malicious computer and your device, to steal information or install malicious code.”
This can give threat actors what they need to lock your device or export your personal data and passwords.
How to Protect Yourself Against Juice Jacking
Bestuzhev says there are a number of ways you can reduce the risk of this particular attack against your devices and your data.
“Use a standard AC socket, instead of the USB for standard charging. The same goes for when you connect any other appliance. This is one way to reduce the risk of having your information stolen from your device.”
But what if you’re at an airport, for example, and the regular sockets are taken, or you only have a USB cord for charging? In that case, you’ll want a device that costs just a few dollars, called a data blocker.
“Data blockers look like USB devices. They’re essentially designed on a hardware level to block any data transmission to or from your device. So even when you connect to a malicious charging station, if you’re using a data blocker, you’ll still get the electric charge for your device, but data won’t flow. Data blockers are available online and should really be part of any ‘frequent flyer’ or ‘frequent traveler’ kit.”
Here are additional steps to protect yourself, according to the new FCC Advisory on juice jacking:
Bring your own “juice” by packing an extra battery in the form of an external charging device.
If you plug your device into a USB port and a prompt appears asking you to select “share data” or “charge only,” always select “charge only.”
Consider carrying a charging-only cable, which prevents data from being sent or received while charging, or use the “data blocker” as described above.
Now you know how to protect yourself, your family, and your employees from juice jacking.