Juice Jacking

Mobile phones can get infected through a type of cyber attack called Juice Jacking. A USB port is not simply a power socket, you can also use it to transfer and sync your data. A hacker can tamper with a USB charging port at a public charging station to steal passwords and export data.

Juice Jacking – Threats:

• The State Bank of India has warned its customers against plugging-in their phone at charging stations at various public places and also informed people about ‘juice jacking’, a USB charger scam could end up draining bank account of a customer. 

• Juice jacking is a type of cyber attack involving a charging port that doubles as a data connection, typically over USB. It is also called known as USB data blocker.

• 1. Data theft:
• Data is stolen from the connected device; there are crawlers that can search your phone for personally identifiable information (PII), account credentials, banking-related or credit card data. These crawlers have the ability to copy all information to their own devices. There are also many malicious apps that can clone all your phones’ data to another phone.
• 2. Malware installation:
• Once the connection is established, malware is automatically installed in the connected device. The malware remains on the device until it is detected and removed by the user. There are many categories of malware that cybercriminals can install through juice jacking, including adware, cryptominers, ransomware, spyware, or Trojans.

Steps to Mitigate the Risks:

• The main way to avoid juice jacking is to stay away from public charging stations or portable wall chargers. 
• Carry a personal charger or a power bank or use USB condoms which are adaptors that allow the power transfer but don’t connect the data transfer pins.
• Switch off your phone or lock your phone and then plug it into the charging port. But this technique only works on few mobile models