Page 18 - Webel Newsletter, April 2020
P. 18

18                                                                                             Volume: 28
                                                                                                   April 2020 Issue


                                                                                         e - Newsletter


                               Concept Note on Juice Jacking


    Juice jacking is a type of cyber-attack involving a charging port that doubles as a data connection, typically over USB.
    This often involves either installing malware or surreptitiously copying sensitive data from a smart phone, tablet, or
    other computer device.

    HOW IT WORKS

    You may have noticed that, when you charge your phone through the
    USB port of your computer or laptop, it also opens up the option to
    transfer  files  back  and  forth  between  the  two  systems.  USB  port  is
    often used as a medium for data transfer. A regular USB connector has
    five pins, where only one is needed to charge the device. Two of the
    other pins are used for data transfers.
                                                                                                       Image: https://juicejacking.org/

    As  we  all  often  charge  our  devices  via  USB  ports,  it  may  tend  to  open  up  the  options  to  transfer  files  between
    devices.  The  attacker  here  often  uses  off-the-shelf  hardware  that  gets  installed  on  the  charging  port  of  public
    charging  boards.  These  are  specifically  designed  to  breach  security  and  gain  access  to  connected  devices
    information as soon as the connection is established. And you may lose the data without even knowing about it.

    HOW TO PREVENT
               Never use a free USB port or charging cable. Carry your charging adapter and cable whenever you are
               travelling. This would save you from being at the disposal of crackers at the public charging stations.

               It is advisable to invest in a power bank that can be used in case you can't find an empty wall socket.


               If  you  insist  on  charging  your  device  via  a  USB  port,  it  is  recommended  you  should  purchase  “USB
               condoms”.  They  provide  an  extra  layer  of  security  and  protection  between  the  port  and  the  mobile
               device.

               Switch your phone off if you are using a charger/adapter that is not yours, especially in public places. This
               allows the power to travel to the phone without having any data transit taking place. There is a one way
               flow hence no data flows out of the device.

               Use Charge Only USB cables in public places. The charge only cables only charge a device and do not
               allow data transfers. It is a two conductor cable, hence stops malicious people from juice jacking.

               Do not accept the request to allow the cable to be used for data transfer. In case only a data cable is
               accessible,  'cancel'  the  request  to  transfer  data  hence  blocking  the  data  flow  and  allowing  it  to  only
               charge.













       Webel Bhavan, Block – EP & GP, Sector – V, Salt Lake, Kolkata – 700 091                                                               e-Newsletter of WBEIDCL
          Tel: +91 33 2357 1704/06    |    contact@webel-india.com    |    Toll free: 1800-345-5178    |    Website: https://www.webel.in/
   13   14   15   16   17   18   19   20   21   22   23