But think about it for a minute. This is your smartphone. It has all your photos, your contacts, your messages, your passwords and personal data on it. Do you really want to be sticking any old cable into its data port? Hackers and infosec experts have proven that it’s possible to hijack a public charging station with a malicious device. You’ve heard of credit card skimming at the gas pump, right? This is the mobile tech equivalent. What might seem like a benign, generic USB port or charging cable may be attached to a tiny device that installs malware on your phone, or worse, steals data off of your phone.
Wait, do people really hack phone charging kiosks?
I can’t say that I’ve come across a recent news article that reports an actual case of so-called “juice jacking.” But the concept has been proven in the past decade by security researchers. Most recently, a demonstration at DEF CON last August showed that a phone’s camera could be hijacked via a USB charging station in disguise (“video jacking“). And honestly, like credit card skimming, most cases of hacking or unauthorized smartphone access go undetected. So, yes, juice jacking is real.
How vulnerable is my phone?
The good news is that the mobile phone developers have been working on the issue and phones are more secure now. As you’ve undoubtedly noticed, Apple devices like your iPhone and your iPad now give you the “Trust this computer?” dialog whenever you plug your phone into a new computer or device. In theory, if you say, “don’t trust,” whichever device you are connecting to shouldn’t have access to your data. Android phones also have similar security and authentication features. If you are plugging into a charging station that is truly just for power only (like when you plug into the wall with your AC adapter), then you shouldn’t be prompted to “Trust this computer.” If you do plug into a public charging station and get that prompt, it’s a big red flag. Unplug your phone ASAP and let those around you know something isn’t right.
What can I do to prevent juice jacking?
Okay, the title of this post may have been a bit extreme. There are ways to safely charge your phone in public. Just because theoretical attacks can be launched over a hijacked public charging station doesn’t mean you have to forgo the convenience. In addition to keeping an eye out for the “Trust this computer?” prompt, there are a few other safety measures you can take. And as with any security concern, it’s always best to have layers of protection—clever hackers may be able to circumvent the trusted device authentication measures.
Conclusion
There you have it. Juice jacking is real. But if you are careful, you can significantly reduce your vulnerability. Not only that, some of the solutions—like a fast charging cable or a portable power bank—come in handy for reasons other than device security. That means you can buy a special USB cable that simply doesn’t have pinout connections for pins 3 and 2. Therefore it’s impossible to transmit data across it. For example, here’s a PortaPow power-only iPhone charging cable for about $7. The same company makes a micro USB cable for charging only that will work on Samsung, HTC, and Google phones. These cables will only charge your phone and will prevent data from being transferred across it.
PortaPow sells their own take on a USB condom for about the same price: the PortaPow Fast Charge + Data Block USB Adaptor with SmartCharge Chip. Have you ever worried about the safety of public charging stations until now? Tell us what you do to stay safely charged up on-the-go in the comments below. USB pinout diagram image credit: By Simon Eugster – Simon / ?! 19:02, 7 January 2008 (UTC) (Own painting/graphic) [GFDL (http://www.gnu.org/copyleft/fdl.html), CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0/) or CC BY-SA 2.5-2.0-1.0 (http://creativecommons.org/licenses/by-sa/2.5-2.0-1.0)], via Wikimedia Commons Comment Name * Email *
Δ Save my name and email and send me emails as new comments are made to this post.