Scenario: You’re at the airport and your phone is dying. You have 10% left of battery life. You don’t see any outlets but you do see a USB charging station and an open USB port. You connect to it and now your device is infected with malware. You just became victim to a cyber attack known as Juice Jacking.
This attack while possible has not been seen in the wild so far. That doesn’t mean its safe to randomly connect to USB ports you find in public.
Consider these USB charging ports you always encounter in airports. They look like this or a variations of this. They all have a combination of outlets or USB ports. Aside from them being free to use, no one knows who made them or operates them. An attacker can implant special hardware to either steal your data or infect your device with malware.
Stealing Your Data
How would this be accomplished? Through a maliciously placed USB charging station or an automated one that has been breached by a bad actor. All it takes is one person to plug their device and a bad actor could steal their data.
Malware Infections
Like Data theft, a known bad actor would instead infect the device with malware or a virus that causes further damage. These types of attacks can range from cryptocurrency mining, spyware, ransomware attacks, along with data theft.
Cautious Travelling
The first and foremost way to be safe is to simply never use a USB charging station. Carry a travel charger with you and use public outlets if found. This may be tougher to use as there are many outlet types and finding a good power outlet at the airport can be tricky. Especially if you’ve never been there before.
Another good way is to use a power bank. A power bank or battery bank is an external battery pack that can be charged with a USB cable. It can charge a phone once or twice depending on the size. This can be plugged into a USB charging station without worrying about cyber attacks.
A third way, is to use a data blocker. Originally called a USB Condom, it is a special device that you plug into the charging cable and plug the device into a USB port. This device blocks the data connection so only power is allowed through. One can purchase one, now called SyncStop from their website or generic ones from amazon that work just as well.
A fourth option, which is not recommended, is to configure the device options to only allow power connections and restrict data connections. This is discouraged as it is not a secure method and the configuration may not be permanent.
Stay safe during the holidays. If you must use a public outlet be safe, otherwise grab a power bank.
