You might have heard that the FBI is warning everyone about “Juice Jacking” via Tweets like this one:
This has caught the attention of the media and has generated a lot of phone calls and emails from my clients to me. But what isn’t helping is that there really isn’t a good explanation of what “Juice Jacking” is and why or if you should care. This is where this article comes in as I hope will explain what this threat is and what you can do to protect yourself.
First, let me explain what this attack is. “Juice Jacking” is theoretical type of attack on devices like phones and tablets which use the same cable for charging and data transfer, typically a USB cable. The goal of the attack is to either install malware on the device, or to surreptitiously copy potentially sensitive data. Now I use the word theoretical because I have yet to hear of an actual attack using this method. Now to be clear, that doesn’t mean that it hasn’t happened. But there has been no proof that this has happened in the wild. Having said that, I am aware of proof of concept attack demonstrations, as well as cables and other hardware that are available that could be used to execute these attacks. Thus if you want my opinion, you should be concerned about these attacks. There’s also the fact that recent versions of Android and iOS will prompt you in terms allowing a device to connect to something. Thus if you’re paying attention and see one of these prompts, you may want to think twice about connecting to whatever it is you’re connecting to. But the threat actors I suspect are counting on the fact that you’re not paying attention in order to make this attack work.
Based on that, how do you protect yourself? That part is easier than you think. Here’s some random suggestions that I came up with:
- Don’t use public charging stations, EVER. Instead, use a power bank to keep your devices charged. If you must recharge something via a public charging station, charge the power bank instead of the phone. Another option is to always carry your own charger.
- Don’t use “promo” or “free” cables to charge your gear. Instead, you should buy good quality cables from known brand names and always keep them on hand. Yours truly for example always has a cable on my keychain, and a couple in my tech sling bag along with my own charger.
- Consider using a “charging only” cable which does not send data over the wire. That in theory should make you safe from this attack if you must use a public charging staging. Buy good quality cables from known brand names and always keep them on hand.
Since the FBI came out with this warning, I will assume that they are doing this because they found evidence that this is a threat that we all need to be worried about. So it makes sense that we should all take some precautions based on that. And fortunately those precautions are simple. If I hear about any actual attacks, I’ll be sure to post them here as I am sure that knowing that these are more than theoretical attacks would be helpful for us all.
Like this:
Like Loading...
Related
This entry was posted on April 16, 2023 at 9:11 am and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
What Is “Juice Jacking” And Why Should You Care?
You might have heard that the FBI is warning everyone about “Juice Jacking” via Tweets like this one:
This has caught the attention of the media and has generated a lot of phone calls and emails from my clients to me. But what isn’t helping is that there really isn’t a good explanation of what “Juice Jacking” is and why or if you should care. This is where this article comes in as I hope will explain what this threat is and what you can do to protect yourself.
First, let me explain what this attack is. “Juice Jacking” is theoretical type of attack on devices like phones and tablets which use the same cable for charging and data transfer, typically a USB cable. The goal of the attack is to either install malware on the device, or to surreptitiously copy potentially sensitive data. Now I use the word theoretical because I have yet to hear of an actual attack using this method. Now to be clear, that doesn’t mean that it hasn’t happened. But there has been no proof that this has happened in the wild. Having said that, I am aware of proof of concept attack demonstrations, as well as cables and other hardware that are available that could be used to execute these attacks. Thus if you want my opinion, you should be concerned about these attacks. There’s also the fact that recent versions of Android and iOS will prompt you in terms allowing a device to connect to something. Thus if you’re paying attention and see one of these prompts, you may want to think twice about connecting to whatever it is you’re connecting to. But the threat actors I suspect are counting on the fact that you’re not paying attention in order to make this attack work.
Based on that, how do you protect yourself? That part is easier than you think. Here’s some random suggestions that I came up with:
Since the FBI came out with this warning, I will assume that they are doing this because they found evidence that this is a threat that we all need to be worried about. So it makes sense that we should all take some precautions based on that. And fortunately those precautions are simple. If I hear about any actual attacks, I’ll be sure to post them here as I am sure that knowing that these are more than theoretical attacks would be helpful for us all.
Share this:
Like this:
Related
This entry was posted on April 16, 2023 at 9:11 am and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.