Blog

Juice Jacking: Easy Way To Copy Data, Protect your data

Have you ever imagined that Innocuous looking USB charging ports available at public places like airport, railway station or restaurant can be a medium of your device’s data theft? Yes, you are reading it right, hackers are stealing mobile data from USB ports which we use for charging our mobile on public places. This cyber attack is called Juice Jacking. In this article we will learn about Juice jacking and how to protect our data from such a serious cyber-attack.

 

Contributed By:

  • Shruti Kumari, DAV Public School, Jasola Vihar, New Delhi
  • Apeksha Maurya, DAV Public School, Jasola Vihar, New Delhi
  • Rashi Gupta, DAV Public School, Jasola Vihar, New Delhi
  • Keisha, Delhi Public School, Pune

 

Incident:

Amit Kumar Mishra (name changed) was meeting with his old friends at Central Delhi’s Connaught Place for a reunion after long time. While waiting for his friend at designated place, his iPhone vibrated in his jeans pocket. It wasn’t a text. A ‘low battery’ alert had popped up on the screen. To recharge the mobile, without giving a 2nd thought he plugged his mobile into a nearby free USB power charging station.

He was enjoying with his friends without realizing that in few minutes his party is going to be spoilt. As Amit kumar stated, “I received a message that Rs 50,000 has been debited from my bank account, though I had not made any such transaction,”.

He instantly realised that he has become a victim of some fraud and approached Delhi Police’s anti-cybercrime cell. After investigation and doing forensic investigation Delhi police confirmed him that when he used public USB charging port, his phone was hacked and all the information has been transferred to cyber criminal’s machine. This information was used for stealing the amount from his account.

 

What is Juice Jacking?

 

When we use publicly available charging booth or ports to charge our phone our data can be transferred to cyber criminals’ machine through Juice Jacking. Juice jacking is a type of cyber-attack involving a charging port that can be used as a data connection, typically over USB. In juice jacking most commonly, hackers either install malware or secretly copy sensitive data from a smart phone, tablet, or other computer device which is plugged in for charging. Charging phones on a Public charging kiosk is not very uncommon and we never think about any risk in it, in reality our phones can get infected through the Juice Jacking.

 

Modus Operandi?

A regular USB connector has five pins where one is used for charging the device and other pings are used for transferring the data. As soon as we connect our device with USB cable it starts charging the device but at the same time its other pins make it data transfer-ready. The attacker uses off-the-shelf hardware and installs it on the charging port of public charging boards. Such hardware devices are specially designed to steal data and gain access to connected devices as soon as the connection is established.

It has also been observed that Juice jacking is being used for corporate espionage. Cyber criminal targets the top executives of companies and look for the opportunity to steal data when such high profile executives plug their device in public charging port at Air ports or business centers.

 

There are two ways juice jacking:

  • 𝗗𝗮𝘁𝗮𝗧𝗵𝗲𝗳𝘁: During the charge, data is stolen from the connected device. Using this information, cyber criminals may make banking transactions or carry out further phishing attack.
  • 𝗠𝗮𝗹𝘄𝗮𝗿𝗲𝗜𝗻𝘀𝘁𝗮𝗹𝗹𝗮𝘁𝗶𝗼𝗻: As soon as the connection is established, malware is dropped on the connected device. The malware remains on the device until it is detected and removed by the user. Using this malware, cyber criminals take control of the device.

 

How to know if your device has been juice jacked?

  1. There will be excessive heating of your device.
  2. Rapid loss of charging
  3. Increased data usage (Check data usage before and after charging to ensure that no data transfer activity happened during the charging process)
  4. Apps crashing and taking long time to open up.
  5. Device operating slower than usual and restarting on its own.
  6. Unknown activity visible
  7. Unknown pop up coming on screen

 

Protection mantra:

  1.  The very basic prevention is to charge your phone before going out and carry a power bank
  2. Avoid using public charging spots.
  3. If there is some urgent need to charge your device, then charge your device only in switched-off mode.
  4. Change your phone's privacy settings to disable file transfer
  5. Use a USB data blocker dongle, which is a product that disables data transfer for USB cables.
  6. Do not accept the request to allow the cable to be used for data transfer.

 

Weseso is a non-profit organization which works for cyber safety of the society with students as agents of change.

To learn more about cyber security read weseso blogs, written by students from different schools. You can also write blogs and take part in various knowledge sharing discussion. To get involved, you first need to become a cyber warrior and become a part of larger community who are committed to secure family, friends and society from cyber crime.
To know how to become a cyber warrior, click the link: https://weseso.org/how-to-become-a-cyber-warrior/