In early November, the Los Angeles District Attorney released a statement, later picked up by many newspapers, saying that it can be dangerous to charge smartphones in public places through USB ports, because those USB ports could allow malicious people to access data contained in smartphones. Data theft or installing malicious software into smartphones loaded via USB cables has been around for years and is known as juice jacking. It is good to know that it is a real danger, but it must also be said that over the years smartphones have become increasingly capable of defending themselves against these attacks, however considered quite rare, and that there are countermeasures.
# ICYMI: Avoid using public USB charging stations at airports and other locations. Deputy District Attorney Luke Sisak explains how the “juice jacking” scam works # FraudFriday #fraud #fraudalert #crime #scams #scamalert pic.twitter.com/0UcEp1J9wB
– Los Angeles County District Attorney (@LADAOffice) November 12, 2019
In addition to passing the power needed to charge smartphones, USB cables can also be used to let data in and out of smartphones. The scam known as juice jacking uses this dual function to access what is contained in smartphones without permission, without their owners noticing: it takes just a few seconds to steal passwords or install malware, i.e. malicious software.
There is no data on how widespread juice jacking is, and the same district attorney explained to Tech Crunch that his press release was issued for information and preventive purposes and that before the press release in his area of responsibility it had not occurred ” no cases »of data theft via USB ports. But it is certain that it does not take a lot of time and great skills to modify a USB port so as to hide what it takes to have access to smartphones.
Without going into the details of how these USB ports are modified, and taking into account that this is not a particularly widespread phenomenon, there are a series of possible precautions to take and things to know.
The first and easiest way to avoid this risk is to get around it: juice jacking only works through USB ports and cables, so just use adapters and power sockets to charge your phone safely. Or always take a portable charger (or “powerbank”) with you and, if necessary, charge your phone from there.
If, on the other hand, you really need to charge a phone from a USB socket in a public place, you must first of all pay attention to the appearance of any messages on your smartphone. Virtually every smartphone – both Android and iOS – understands when a USB cable is trying to bring or steal data, as well as power, and consequently it does this with a warning message. In that case, if the cable is not connected to a computer you trust, it is best to avoid it, rejecting the request and, even better, disconnecting the cable and smartphone.
For those who really want to use the USB ports of airports, clubs and public places of all types and countries, there is the possibility of further protections. In fact, there are so-called “USB condoms” (condoms for USB) that must be placed between the cable and the USB port and serve to avoid the passage of unwanted data between the cable and the smartphone. The simplest ones cost less than ten euros.
In addition to the USB ports that you do not trust, you must also pay attention to the cables, in which it is now possible to hide what is needed to install small but dangerous malware in smartphones. In this case the danger lies in the cable, no matter which USB port you use.
OMG! 2 months + 8 devs + O • MG Cable = malicious wireless implant update!
This update brought to you by the chaos workshop elves: @ d3d0c3d, @ pry0cc, @clevernyyyy, @JoelSernaMoreno, @evanbooth, @noncetonic, @cnlohr, @RoganDawes
More info: https://t.co/kkhUppsqiC#OMGCable pic.twitter.com/fIzOaKJSxL
– _MG_ (@_MG_) April 12, 2019