Is 'juice jacking', where your smartphone is hijacked when you use a public charging port, really possible?
'
Is it safe to charge my phone at a public charging station? - Vox
https://www.vox.com/technology/2023/9/1/23850809/public-phone-charging-station-juice-jacking-airport-battery-fbi
Many people have had the experience of using a charging port at a cafe or fast food restaurant when their device was about to run out of charge while they were out and about. However, the FBI and FCC have repeatedly warned that by modifying such charging ports, there is a risk of hacking the device via the cable, stealing data or installing malware.
``Do not use free public smartphone charging stations'', FBI warns - GIGAZINE
Attacks on devices that exploit public charging ports are called juicejacking, but Vox points out that the likelihood of juicejacking actually occurring is extremely low. To date, no cases of juice jacking have been confirmed other than in proof-of-concept demonstrations.
Juicejacking was first proposed at the DEFCON cybersecurity conference in 2011. To demonstrate the potential vulnerability of USB charging, security experts Brian Marcus and Robert Rowley set up charging stations at DEFCON so attendees could use their devices. They said they investigated the number of people who started charging.
The researchers found that more than 360 DEFCON attendees unsuspectingly charged their devices, even though most of them were experienced hackers and cybersecurity experts. In an interview with Vox, Marcus argues that given that hundreds of top professionals around the world have been fooled, the average person would be even more easily fooled.
Juicejacking is an attack that focuses on the ability to charge and transfer data using a single USB port. However, as of 2011, many devices allowed charging and data transfer at the same time when connected with a cable, but most devices in use at the time of writing do not allow data exchange when connected with a cable. ask the user. Therefore, even if a malicious person hacks into a public USB charging port, data cannot be exchanged via the cable unless the user gives permission.
Since the demonstration at DEFCON, warnings about juice jacking have been frequently talked about, leading some people to believe that juice jacking actually happened. Similarly, when the FBI issued a warning in 2023, many local governments and media outlets took it seriously.
A spokesperson for the Michigan Attorney General's Office, which issued the warning, told Vox, ``While we have not received any reports of juicejacking here in Michigan, victims have no idea how their phones were compromised.'' Maybe they just don't know if it happened.' Dana Plumpoff, a spokeswoman for the FBI's Denver office, said the FBI's warning was 'to remind Americans to remain safe and diligent when traveling.' Masu.
Vox reports that in recent years, device battery life has improved significantly compared to before, and more people are carrying mobile batteries, so juice jacking is less likely to become a realistic threat. Still, Marcus argues that juicejacking is still a possible risk, as it involves installing a seemingly ordinary charging station in a busy area and waiting for the victim to connect their device with a cable. Marcus told Vox that he personally thinks charging ports at airports may be particularly dangerous.
Vox says that although the likelihood of juice jacking occurring is low, it cannot be said that it will never happen in the future, and has the following advice for those who are wary of juice jacking.
- Do not use charging stations.
・Carry an external battery with you in case the battery runs out.
- If you must charge your device in a public place, do so from an electrical outlet rather than a USB port.
- USB cables may be tampered with, so please use your own reliable USB cable when charging.
・When charging, use a ' USB cable condom (USB data blocker) ' that technically shuts down data transfer via the cable.
Related Posts:
