In public places such as airports, hotels, and shopping malls, USB charging stations are everywhere and seem like a convenient way to keep devices charged up. There are ways for bad actors to introduce malware and monitoring software onto devices using public USB ports, according to the agency’s tweet. “Carry your own charger and USB cord and plug your device into an electrical outlet instead,” it advised, to protect yourself from juice jacking.
Juice jacking is an insidious form of cyberattack that targets unsuspecting travelers who plug their devices into compromised USB charging kiosks. Malware can be uploaded to the device and remain on it for an extended period, putting sensitive data such as passwords, credit card details, and personal information at risk. Furthermore, attackers may use this strategy to track keystrokes, display ads, or add the device to a botnet, a network of computers controlled by malicious software without the owners’ knowledge.
The FBI should warn consumers about this, says Adrianus Warmenhoven, a NordVPN cybersecurity advisor. Until very recently, security researchers thought this was a difficult attack for criminals, because to conduct an attack this way, a criminal must physically alter a USB port.
For two reasons, however, the risk of being juiced has increased recently. First, Warmenhoven says, cybercriminals now have a higher return on investment for this type of attack. “Criminals are becoming much more brazen,” he says. “Criminals are now investing in collecting data because it is a financially good investment because the data can fetch you so much money, and the entire criminal data industry has grown so much,” he says.
Additionally, juice jacking has become more accessible. “The technology to do this has become much cheaper. It’s almost an obvious choice,” Warmenhoven says, adding that you can even buy ready-made cables for red teaming from Hak5, the long-running internet television show watched by hackers and cybersecurity professionals. In cybersecurity, a red team uses adversarial tactics to identify security weaknesses in an organization or client.
Using Hak5’s O.M.G. adapter, a technically inexperienced attacker is able to convert charging plugs at airports simply by opening the socket, replacing the original adapter with the O.M.G. adapter, and closing it again. The process takes just a few minutes with practice, he says, and a techie can make one for less than $7.
It can take months or even years to detect juice jacking attacks. Warmenhoven warns that if the malware hits you, you may not notice it at all, because it is stealthy, quietly sending data to a central location, which then sells it. By the time the victim’s data reaches the criminal, the vacation is long over. “If you notice your phone working slowly or feeling hotter than usual, you may have picked up malware,” he says.
Warmenhoven suggests the following tips to protect yourself from juice jacking:
Power banks are convenient and safe. “Using a portable charger means you never have to use a public USB port,” says Warmenhoven.
A USB data blocker is a small, inexpensive device that looks like a thumb drive but has an open USB port on the back. It plugs directly into USB ports, acting as a shield between the port and the device.
As Warmenhoven points out, the security industry long referred to it as a USB condom, but it is now called a data blocker because the older name has negative connotations. The blocker lets electricity reach your device but not malware, since only two or three wires are cut in the middle of your USB connection.
Amazon.com and big box stores like Walmart and Staples sell data blockers for as little as $3.
Don’t use cables that look like they were left behind by other travelers in airport lounges or hotel lobbies. “The O.M.G. cable from Hak5 is an attack device that looks like a normal cable,” he warns. A malicious payload can be loaded onto it.
“If you’re smart when traveling, put one of these charging-only cables in the front pocket of your backpack. They will only transfer electricity, not data. If you use this cable while traveling,” Warmenhoven advises, pointing out that many vendors sell charging-only cables, including IKEA and others.
Plug only into electricity-only power sockets. Juice jacking attacks only occur when you’re connected to a USB charging port. If you absolutely must charge your phone in public, you can avoid the risk of infected cables and USB ports by simply using a regular old power outlet.
Travelers can keep their devices charged without exposing their personal data by following these tips, says Warmenhoven.