The Federal Bureau of Investigation (FBI) in the United States recently warned consumers against using USB ports for charging in public spaces such as airports, malls, and hotels, as attackers can “juice jack” data or insert malware into one’s phone or device for theft.
While the public service announcement released on Twitter was meant for Americans, many other countries, like the Philippines, also have public establishments with free charging stations as emergency assistance to consumers. The threat of a juice jack attack exists everywhere people plug their devices into untrusted ports, like in public charging stations.
Sean Duca, Vice President and Regional Chief Security Officer for Asia Pacific & Japan at Palo Alto Network, shared, “We should always remember that nothing in the world is free. Trusting public charging kiosks with your smartphone carries a significant risk of personal information being retrieved or downloaded without your consent.”
The recipe for a juice jack attack
A USB (universal serial bus) cable is the key ingredient in a juice jack attack. USB cables are designed with two wires for data transfer and power, respectively. Juice jacking happens when malicious actors embed malware into charging stations and activate data transfer through the USB cables to infect connecting devices.
The malware, now on the connected device, can then use seemingly normal notifications to trick people into giving it access. Examples include an app asking permission to access files similar to what social media platforms do or operating systems requiring users to authorize a new update. If not given focus, users could simply allow these requests without considering the risks of such a stealthy threat.
Once access is granted, the situation resorts to the classic scenario of attackers being able to crawl into the victim’s files and applications to collect sensitive information, including bank account credentials or credit card details, to steal data or money.
Resisting juice jacking
What’s the juice to countering a juice jack attack? Duca points back to the power of controlling access within one’s device. “Malware requires a user’s permission, much like any other app on your phone, before it can actually infect a device. The users are the last gate to keeping malware away, so it’s really important for them to think before they click and challenge why an app would request access to your personal information.”
He elaborated further that many mobile apps request access to a user’s data on a device, claiming that doing so will allow users to enjoy the app to its fullest potential. With this being the norm today, users tend to grant permission without considering the risks.
“Public charging stations also carry the threat of malware infection and data theft, similar to the dangers of public Wi-Fi networks. As a mobile-savvy nation, Filipinos need to be prepared to handle this risk by questioning whether we can trust our data with another device and understanding how it can be misused from the get-go,” he concluded.
More from News
Infinix is celebrating the MPL-PH Season 14 Grand Finals with passionate XFans
The MPL hype is still alive and well. Infinix, one of the top tech brands in the Philippines, is giving …
Monitor Your Health Anytime, Anywhere with the HUAWEI WATCH D2, Available for Pre-Order at PHP 19,999
HUAWEI Philippines’ first ever smartwatch with Ambulatory Blood Pressure Monitoring (ABPM), the HUAWEI WATCH D2[1], is now available for pre-order. …
Globe Business leads finance industry’s digital evolution with Mindhive Year 2 workshops
Globe Business continues to educate and empower the Banking & Financial Services Industry (BFSI) through Mindhive Year 2: Innovation Bootcamp, …