According to a recent warning by the Federal Communications Commission (FCC), cybercriminals have found very inventive ways to drop malware and steal data from victims’ mobile devices. The term “Juice Jacking’ refers to charging kiosks found at travel centers such as airports and bus terminals that have been compromised by attackers. The term was first used by Brian Krebs in 2011 after a proof of concept was successful at DEFCON by Wall of Sheep. They were able to compromise the kiosk to post a message when someone plugged their phone into it. There are two types of Juice Jacking attacks. The first is data theft; it is carried out by installing malware into the kiosk specifically designed to steal user data when the device is plugged in. The second, malware installation, works by dropping malware onto the connected device as soon as the cord is plugged in. This type is capable of stealing data, installing adware, crypto miners, ransomware or trojans at the attacker’s leisure.
Analyst Notes
Even though this attack has not been seen in the wild as of yet, this has the potential to be extremely costly to the victims. There are some simple ways to defend from this attack though. Travelers should avoid using USB plug chargers provided by others and use AC power outlets instead. Carrying a portable battery or a cable that allows only charging but not data transfer can help secure your device. It is also recommended to never use an unknown charging cable. Cables can be compromised by attackers through the installation of tiny circuits that can drop malware.
Original Article: https://www.fcc.gov/juice-jacking-dangers-public-usb-charging-stations
