Page 18 - Webel Newsletter, April 2020
P. 18
18 Volume: 28
April 2020 Issue
e - Newsletter
Concept Note on Juice Jacking
Juice jacking is a type of cyber-attack involving a charging port that doubles as a data connection, typically over USB.
This often involves either installing malware or surreptitiously copying sensitive data from a smart phone, tablet, or
other computer device.
HOW IT WORKS
You may have noticed that, when you charge your phone through the
USB port of your computer or laptop, it also opens up the option to
transfer files back and forth between the two systems. USB port is
often used as a medium for data transfer. A regular USB connector has
five pins, where only one is needed to charge the device. Two of the
other pins are used for data transfers.
Image: https://juicejacking.org/
As we all often charge our devices via USB ports, it may tend to open up the options to transfer files between
devices. The attacker here often uses off-the-shelf hardware that gets installed on the charging port of public
charging boards. These are specifically designed to breach security and gain access to connected devices
information as soon as the connection is established. And you may lose the data without even knowing about it.
HOW TO PREVENT
Never use a free USB port or charging cable. Carry your charging adapter and cable whenever you are
travelling. This would save you from being at the disposal of crackers at the public charging stations.
It is advisable to invest in a power bank that can be used in case you can't find an empty wall socket.
If you insist on charging your device via a USB port, it is recommended you should purchase “USB
condoms”. They provide an extra layer of security and protection between the port and the mobile
device.
Switch your phone off if you are using a charger/adapter that is not yours, especially in public places. This
allows the power to travel to the phone without having any data transit taking place. There is a one way
flow hence no data flows out of the device.
Use Charge Only USB cables in public places. The charge only cables only charge a device and do not
allow data transfers. It is a two conductor cable, hence stops malicious people from juice jacking.
Do not accept the request to allow the cable to be used for data transfer. In case only a data cable is
accessible, 'cancel' the request to transfer data hence blocking the data flow and allowing it to only
charge.
Webel Bhavan, Block – EP & GP, Sector – V, Salt Lake, Kolkata – 700 091 e-Newsletter of WBEIDCL
Tel: +91 33 2357 1704/06 | contact@webel-india.com | Toll free: 1800-345-5178 | Website: https://www.webel.in/