Have you ever imagined that Innocuous looking USB charging ports available at public places like airport, railway station or restaurant can be a medium of your device’s data theft? Yes, you are reading it right, hackers are stealing mobile data from USB ports which we use for charging our mobile on public places. This cyber attack is called Juice Jacking. In this article we will learn about Juice jacking and how to protect our data from such a serious cyber-attack.
Amit Kumar Mishra (name changed) was meeting with his old friends at Central Delhi’s Connaught Place for a reunion after long time. While waiting for his friend at designated place, his iPhone vibrated in his jeans pocket. It wasn’t a text. A ‘low battery’ alert had popped up on the screen. To recharge the mobile, without giving a 2nd thought he plugged his mobile into a nearby free USB power charging station.
He was enjoying with his friends without realizing that in few minutes his party is going to be spoilt. As Amit kumar stated, “I received a message that Rs 50,000 has been debited from my bank account, though I had not made any such transaction,”.
He instantly realised that he has become a victim of some fraud and approached Delhi Police’s anti-cybercrime cell. After investigation and doing forensic investigation Delhi police confirmed him that when he used public USB charging port, his phone was hacked and all the information has been transferred to cyber criminal’s machine. This information was used for stealing the amount from his account.
What is Juice Jacking?
When we use publicly available charging booth or ports to charge our phone our data can be transferred to cyber criminals’ machine through Juice Jacking. Juice jacking is a type of cyber-attack involving a charging port that can be used as a data connection, typically over USB. In juice jacking most commonly, hackers either install malware or secretly copy sensitive data from a smart phone, tablet, or other computer device which is plugged in for charging. Charging phones on a Public charging kiosk is not very uncommon and we never think about any risk in it, in reality our phones can get infected through the Juice Jacking.
A regular USB connector has five pins where one is used for charging the device and other pings are used for transferring the data. As soon as we connect our device with USB cable it starts charging the device but at the same time its other pins make it data transfer-ready. The attacker uses off-the-shelf hardware and installs it on the charging port of public charging boards. Such hardware devices are specially designed to steal data and gain access to connected devices as soon as the connection is established.
It has also been observed that Juice jacking is being used for corporate espionage. Cyber criminal targets the top executives of companies and look for the opportunity to steal data when such high profile executives plug their device in public charging port at Air ports or business centers.
There are two ways juice jacking:
How to know if your device has been juice jacked?
Weseso is a non-profit organization which works for cyber safety of the society with students as agents of change.
To learn more about cyber security read weseso blogs, written by students from different schools. You can also write blogs and take part in various knowledge sharing discussion. To get involved, you first need to become a cyber warrior and become a part of larger community who are committed to secure family, friends and society from cyber crime.
To know how to become a cyber warrior, click the link: https://weseso.org/how-to-become-a-cyber-warrior/