Juice Jacking – Is this a threat against my cell phone and other USB-connected devices?
By: The First National Bank in Tremont (FNBT)
USB connections were designed to work as data and power transfer mediums for moving data and recharging your device. However, there is no strict barrier between the data transfer capability and the electrical power recharging capability on electronic devices that contain USB connections. As a result, cyber attackers figured out they could abuse these capabilities inherent in USB connections to hide and deliver malicious data that a user might think was only transferring electrical power. This is called "juice jacking."
Several mobile device manufacturers have updated their devices to ask users if they want to connect their devices before any data transfers take place. Declining to connect prevents data transfer from occurring. There is also "video jacking," which is when a malicious actor gains control of the screen on a phone or tablet to record and mirror its screen when plugged in for a charge to a corrupted connector. While these threats may not yet be broad-based, it is becoming easier for cyber attackers to do, and the components needed for such an attack cost less than when the FCC first warned against this threat in 2019. However, there are a few easy steps you can take to protect your devices from this threat:
- 1. Avoid using a public USB charging station. Instead, use an AC power outlet with the power block and USB connector that came with the device.
- 2. If you plug your device into a public USB port and a prompt asks you to select "share data," choose decline or "charge only."
- 3. Bring AC chargers, car chargers (cigarette lighter plug-in with a USB connection), and your USB cables obtained from a reliable source.
4. Carry a portable charger or external battery.
5. Avoid using free USB cables given away as a promotional item, found lying around public spaces, or sent to you unsolicited.
If you have been victimized by cyber fraud, file a report at the FBI's Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.