Site icon Welcome to CYBER MITHRA

Juice Jacking – Mobile charging at public places may turn out to be costly. Beware!

Juice Jacking

Juice Jacking cybercrime is in news a lot nowadays, as almost all of us carry smartphones or tablets during out travel, which are charged through USB charging cables. Cybercriminals are using such public USB ports available in places like airports, railway stations, hospitals etc for charging smartphones and tablets, to introduce malware and monitoring software onto users’ devices, posing a serious security threat. This new kind of cybercrime is called “Juice jacking”.

We generally tend to associate charging via USB cable with electricity rather than data, but when you plug your phone into a USB port, it can technically transfer both electricity and data. If it can transfer data, it can be used to do things like steal your personal information or upload malware to your device.

Juice Jacking technique exploits exactly this to steal data from your computing device or infect it with malware. Brian Krebs coined the term juice jacking in 2011 after he conducted a proof of concept attack at a defense conference. Since then there have been many reports of such attacks and in last April 2023, US FBI office warned against using public phone charging stations at airports or malls, citing malware risk.

How does this Juice Jacking cybercrime work :-

 When you connect your phone to your computer via USB, it typically gets mounted as an external drive, and you can access and copy files to and from your phone. That’s because, as mentioned above, your typical USB port isn’t simply a power socket but a data channel as well. A typical USB port comprises five pins, only one of which is used for charging. Two other pins are used for data transfer, and the remaining two are used as an attached device presence indicator and the ground, respectively.

You may have seen a prompt on your phone asking you to “trust” the computer you’re connected to. Trusting the host computer enables data transfers. If you choose not to trust the host machine or ignore the prompt, data transfers will not be possible – unless you connect your phone to an infected public charging station.

Infected USB ports can silently enable data transfer modes on your phone once connected. You won’t be prompted and won’t have any indication that this is happening. Once you unplug your phone, you may have had your personal information stolen, and your phone may well be infected with a virus or malware. Then the cyber criminal use the malware to open up a channel to either steal data from device or listen to all the data transmitted from the device or use the device’s computing power for cybercrimes like DDoS attack or bitcoin mining(crypto jacking, explained in previous article) etc.

How to protect oneself from such cybercrimes :-

If you are a victim of such cyber fraud :-

Immediately call 1930 cyber helpline or file a complaint at cybercrime.gov.in. Complain to the relavent authority about to the issue. If you feel that your Aadhaar and financial details was leaked, then lock your Aadhaar card at uidai.gov.in and block your debit/credit cards and change passwords of your bank accounts. Uninstall new free apps you installed, still in doubt format or factory reset your device.

Remedies available to victim legally(India) :-

Lodge a complaint at nearby cyber or regular police station under :

Juice Jacking – Mobile charging at public places may turn out to be costly. Beware!
Exit mobile version