Have you ever charged your mobile at a public USB charging station? They are becoming more and more common: in stations, airports, cafeterias… Very practical when we don’t have a charger on hand, or there isn’t a plug nearby, but we do have a cable for our smartphone, which is always with a red battery. Well, this habit is not recommended, since those USBs may be compromised. The technique is called juice jacking, and it’s a type of cyberattack in which criminals manipulate public charging stations to be transmitters of malware, thereby infecting devices when connected to them.
In other words, that manipulated USB port will not only charge the device’s battery, but will also be able to exchange data with the computer. Once the smartphone is connected to USB, the terminal will be infected with malicious software. Depending on the type of malware installed, it could steal personal data or monitor the device, if it were some kind of spyware.
The FBI has published a tweet warning about this technique and the internet has been revolutionized. But all cybersecurity experts have been warning about this technique for a long time, which is worth noting because it is not possible to know in advance if one of these charging points has been compromised.
The FBI tweet in question reads as follows: “Avoid using free charging stations at airports, hotels, or shopping malls. Malicious actors have discovered ways to use public USB ports to introduce malware and monitoring software onto devices. Instead, bring your own charger and USB cable and use a power outlet.”
Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIDenver) April 6, 2023
What to do if we need to charge the device?
The term juice-jacking (linked to the term juice upadd energy) was coined by the journalist and cybersecurity expert Brian Krebs, following an experiment at the Defcon congress in 2011, where it was already warned that this technique could be used by attackers. It has rained a lot since then, and the chances of cybercriminals putting it into practice have also increased.
The recommendation to avoid putting the device and data at risk is not to use these types of public charging ports. But if an occasion arises when you really need to do it, the recommendation is to use a USB adapter that prevents data transfer. If you don’t have one, you can also set your device to restrict data.
In the case of Android smartphones, on some occasions when connected to a USB port, a notification appears that allows you to choose between various options to make the connection. In this case, it would be necessary to select the modality in which it is only loaded. If this popup does not appear, it can be set in settings to temporarily not transfer data via USB.
On iPhone devices, a notification always appears asking the user if they want to trust that device. To block data transfer, you just have to choose the option “do not trust the device”.
