Juice Jacking: The Sneaky Threat Lurking in Public Charging Stations
This month, a familiar hack returned to mainstream media coverage: “juice jacking.”
The technique targets travelers in particular, so it is important that hoteliers be aware of the threat and help their properties and guests remain secure.
How It Works
Juice jacking targets cell phones that are plugged into public USB ports. Through altered kiosks or infected cables, criminals upload malware onto their victims’ devices while charging that can log keystrokes, show ads, or even connect the device to a larger “botnet” to facilitate larger cyberattacks. This places sensitive personal and payment card information, such as passwords or credit card numbers, at risk.
Most juice jacking is the result of terminals that have been tampered with. There are also reports of criminals intentionally leaving cables at charging stations or even giving them away for free as promotional gifts.
Because the technique relies on public USB ports that are typically found in hotels, restaurants, and airports, travelers are especially at risk.
Juice jacking itself is not new. For over ten years, there have been reports about the potential for this hack.
However, it recently returned to the news due to public warnings from the FBI and FCC that went so far as to recommend the public against using free charging stations in hotels altogether.
According to experts, the reason for the recent warnings has been the increasing accessibility of the technology for juice jacking. While once an expensive tactic that required considerable expertise, the hack is now relatively unsophisticated and can be set up for under $7. Most of the equipment required can be purchased over the counter and deployed relatively easily.
This raises the prospect that it may be used more widely in the future.
As with any threat, it is important to keep the relative scale in mind. Research by Snopes, the long-time fact checking website, has cast some doubt on the scope and danger of juice jacking. Still, it will be worth monitoring as we assess the threat landscape moving forward.
Here are some tips to keep your property and guests safe.
1. Inspect your devices. Regularly check any publicly available ports and ensure there has not been physical tampering. Identify, collect, and remove any charging cables or other electronic devices that are unattended.
2. Use a power bank. Portable charging devices are widely available and affordable with many options. Beyond being more secure, they’re also a great tool to avoid ending up with a dead battery when traveling.
3. When charging, use power outlets rather than USB ports. Juice jacking attacks happen when you are connected to USB ports, not electricity-only sockets. Always carry a simple adapter and simply charge using a regular old outlet.
4. Invest in a USB data blocker. Small, inexpensive devices can be connected between your charging cable and the USB port that block the transmission of malicious software. Many are under $10 (and make a great gift for the traveler you know who has everything).
Feeling overwhelmed? Don’t be. VENZA is here to help. Cybersecurity is complex, but in partnership with us, your company can get started in as little as one month. Get a live demonstration today by contacting our Customer Success Team.
Ready to elevate your game? Contact Sales to discuss signing up for our programs or adding new solutions to your contract.
Take VENZA’s free Phishing Test to assess gaps in your human firewall today!
Training your personnel to recognize and report phishing attempts is essential to protecting your guests and their data. Get started by determining your risk and readiness level using this free tool.
Want to stay informed? Subscribe to the free VENZA Echo now. You’ll receive a monthly digest with the highlights of our weekly article series and important product updates and news from VENZA.