travel & lifestyle blog by ruth dela cruz

Press Release

Public charging stations may expose Filipinos to “juice jack” attacks

April 17, 2023

The Federal Bureau of Investigation (FBI) in the United States recently warned consumers against using USB ports for charging in public spaces such as airports, malls, and hotels, as attackers can “juice jack” data or insert malware into one’s phone or device for theft.

Juice jacking is a type of cyber attack where hackers use USB charging ports to steal data from smartphones and other devices.


While the public service announcement released on Twitter was meant for Americans, many
other countries, like the Philippines, also have public establishments with free charging stations
as emergency assistance to consumers. The threat of a juice jack attack exists everywhere
people plug their devices into untrusted ports, like in public charging stations.


Sean Duca, Vice President and Regional Chief Security Officer for Asia Pacific & Japan at Palo
Alto Networks, shared, “We should always remember that nothing in the world is free. Trusting
public charging kiosks with your smartphone carries a significant risk of personal information
being retrieved or downloaded without your consent.”


The recipe for a juice jack attack


A USB (universal serial bus) cable is the key ingredient in a juice jack attack. USB cables are
designed with two wires for data transfer and power, respectively. Juice jacking happens when
malicious actors embed malware into charging stations and activate data transfer through the
USB cables to infect connecting devices.


The malware, now on the connected device, can then use seemingly normal notifications to trick
people into giving it access. Examples include an app asking permission to access files, much
as social media platforms do, or an operating system asking the user to authorize a new
update. Users who are not paying attention could simply allow these requests without
considering the risks of such a stealthy threat.


Once access is granted, the situation reverts to the classic scenario: attackers are able to
crawl through the victim’s files and applications and collect sensitive information, including
bank account credentials or credit card details, to steal data or money.


Resisting juice jacking


What’s the juice to countering a juice jack attack? Duca points back to the power of controlling
access within one’s device. “Malware requires a user’s permission, much like any other app on
your phone, before it can actually infect a device. The users are the last gate to keeping
malware away, so it’s really important for them to think before they click and challenge why an
app would request access to your personal information.”


He elaborated further that many mobile apps request access to a user’s data on a device,
claiming that doing so will allow users to enjoy the app to its fullest potential. With this being the
norm today, users tend to grant permission without considering the risks.


“Public charging stations also carry the threat of malware infection and data theft, similar to the
dangers of public Wi-Fi networks. As a mobile-savvy nation, Filipinos need to be prepared to handle this risk by questioning whether we can trust our data with another device and understanding how it can be misused from the get-go,” he concluded.

How to Prevent Juice Jacking

Here are some tips on how you can prevent juice jacking attacks:

  1. Use your own portable power bank and USB cable. It is always smart to be prepared, especially when traveling.
  2. Disable data transfer. Some devices have the option to disable data transfer while charging. This will prevent any data from being stolen while you are charging your device.
  3. Use a VPN. A Virtual Private Network (VPN) can encrypt your internet traffic and help protect your data from being stolen.

  1. Thanks for sharing this, Ms. Ruth. This blog article is a big help in making us aware too when we charge at public charging stations.
