Juice Jacking Alert: Why Are Public Smartphone Charging Stations Dangerous?

In the past few weeks we have read about a alarm raised by the FBI related to a threat called juice jacking related to charging mobile devices at charging kiosks. How many times has it happened to see kiosks for recharging smartphones in stations, airports or gyms, and the question that the user should ask himself is: are they really safe?

It should be remembered that charging a smartphone at charging kiosks could lead to installation of malicious software on devices with their impairment. Once the smartphone is connected to the charging station, the malicious code will allow access to the data on the phone.

There are several options to install malware on the charging device, for example by compromising the kiosk or intentionally leaving cables, suitably modified so that they can inoculate malware, connected to the charging stations. The attack is far from new, in 2011 it was presented during one of the most important hacking conferences in the world, the Las Vegas Defcon. On the occasion, researchers Brian Markus, Joseph Mlodzianowski and Robert Rowley set up a charging station for smartphones in order to demonstrate the attack. The charging station was equipped with a variety of charging cables suitable for the most popular mobile devices of the time; by connecting a device to the station, the screen showed a message warning users of possible risks, however many ignored this suggestion: “You should not trust public kiosks with your smartphone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free recharge!”.

It must be said that the devices of the time used a sync process which was automatically started by connecting them to a computer. Following the demonstration of the attack, major smartphone manufacturers changed the sync mechanism.

On the other hand, the technology has evolved over the years allowing security researchers to develop miniaturized systems that can be used in a juice jacking attack. An example is the OMG cable, available for around $180 and marketed to allow pen testers to compromise devices that connect to them. The OMG cable has a memory chip and a wifi transmitter inside that allow a remote attacker to access the connected smartphone.

But why has juice jacking returned to talk in this period? The actual reason is unclear, but interest has surged online following two alerts issued respectively from the FBI Denver office and from Federal Communications Commission (FCC) American.

Probable that the warnings issued by the American authorities are not related to specific episodesHowever, it is important to know the threat and follow simple rules to avoid falling victim to these attacks.

Right away any of the suggestions provided by the American agency FCC:

• Avoid using a public USB charging station, use a power outlet instead.
• When on the go carry magazines with youcar chargers and their own USB cables.
• Carry a portable charger or external battery with you.
• Consider the possibility of bring a charging-only cablei.e. preventing data from being sent or received while charging.
• If you plug your device into a USB port and a message appears that asks you to select Share data or Charging onlyalways select the second option.