What is Juice Jacking?
“Juice Jacking” is a cyber-theft tactic where malware is installed onto a mobile device through a corrupted USB port at free USB port charging stations, found in airports, hotels, shopping centers etc. Once someone plugs their mobile device into the public charging kiosk, the malware and monitoring software can be introduced to the mobile device that can lock the devise or export personal data/ passwords directly to the scammer. That information can be used to access online accounts or sell it to other scammers.
How to avoid Juice Jacking
Apple, Google and other mobile device makers have changed the way their hardware and software works so their devices no longer automatically sync data when plugged into a computer with a USB charging cable. Users are now presented with a prompt asking if they wish to trust a connected computer before any transfer can take place.
However, Juice Jacking is still a risk. Avoid using the free charging stations and carry your own charger and USB cord to use at an available electrical outlet instead. If an adversary has physical access to your device, you can no longer trust the security or integrity of that device. If you are in a bind and still need to use a public charging kiosk or random computer, power off the device before plugging it in.
- Using AC power outlets can help you avoid any potential risks, so be sure to pack AC, car chargers, and your own USB cables with you when traveling.
- Carry an external battery.
- Consider carrying a charging-only cable, which prevents data from sending or receiving while charging, from a trusted supplier.
- If you plug your device into a USB port and a prompt appears asking you to select "share data" or “trust this computer” or “charge only,” always select “charge only.”