Wednesday, February 3, 2016

What is Juice Jacking?

Smartphones and tablets are indispensable today. We can hardly imagine a single day without them, and we carry them almost everywhere we go. That leads to the most common problem we face with them: we need to charge them quite often.

Sometimes when we are travelling, we run out of charge and end up using public charging kiosks. But how safe is that?

In fact, attackers can take advantage of mobile devices being charged at public charging kiosks to carry out attacks. Juice Jacking is one such example.

How is Juice Jacking done?

We often charge our mobile devices over USB, and the same cable that carries power also carries data. That creates a vulnerability which attackers can exploit to invade privacy and steal sensitive data from the device.

In 2011, Brian Krebs first reported on this attack. He suggested that it is quite possible for attackers to set up a rogue public charging kiosk and hide a small computer inside it. When a smartphone or tablet is plugged into it using a normal USB cable, the hidden computer can inject malicious code or steal sensitive information such as the contact list, emails or other data stored on the device.

How to prevent Juice Jacking?

Smartphone vendors are already taking steps to prevent this attack. For example, Apple iOS no longer allows the device to be mounted automatically. Apple has also released various security patches to address the vulnerability.

Android devices also prompt the user before mounting the device as a hard drive when plugged in over USB.

And there are always a couple of steps that we can take to protect ourselves from this attack.

  • If you are using a public charging kiosk, use the power cord that directly plugs into a regular electrical outlet.
  • Power off your device before charging it at a public charging kiosk.
  • You can also use a “Juice Jack Defender” to charge your mobile devices. These are small USB pass-through devices that enable the charging of mobile devices but block the data transfer capability of the cord.

How to know whether my device is vulnerable to Juice Jacking?

Plug your device into a computer using a normal USB charging cable. If the computer mounts the device automatically and allows data transfer over the cord, your device is vulnerable to Juice Jacking.

If the device does not automatically mount as a hard drive over the USB cable and instead prompts you for permission before mounting, your device is not vulnerable to this attack.
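
The check above can also be made from the computer's side on Linux, and the same check shows whether a data-blocking adapter like the one in the prevention list really cuts the data lines. The script below is an added example, not part of the original post; its function names are made up for illustration, and it falls back to a constructed sample tree when the kernel's sysfs USB directory is not present.

```python
import os
import tempfile

# USB interface class codes (USB-IF) that carry data, not just power.
DATA_CLASSES = {
    0x02: "CDC communications",
    0x06: "still image (PTP)",
    0x08: "mass storage",
    0x0A: "CDC data",
    0xFF: "vendor specific",
}

def data_interfaces(sysfs_root="/sys/bus/usb/devices"):
    """Return {device: [data-capable interface names]} as seen by this host."""
    found = {}
    for entry in sorted(os.listdir(sysfs_root)):
        if ":" not in entry:  # interface nodes look like 1-2:1.0
            continue
        path = os.path.join(sysfs_root, entry, "bInterfaceClass")
        try:
            with open(path) as fh:
                cls = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue  # node vanished or unreadable; skip it
        names = found.setdefault(entry.split(":", 1)[0], [])
        if cls in DATA_CLASSES:
            names.append(DATA_CLASSES[cls])
    return found

def build_sample_tree(root):
    """Constructed sample: a root hub (class 09) and a phone with PTP and vendor interfaces."""
    for node, cls in {"1-0:1.0": "09", "1-2:1.0": "06", "1-2:1.1": "ff"}.items():
        os.makedirs(os.path.join(root, node))
        with open(os.path.join(root, node, "bInterfaceClass"), "w") as fh:
            fh.write(cls + "\n")
    os.makedirs(os.path.join(root, "1-2"))  # device node, no ':' so it is skipped
    return root

def report(found):
    """One line per device: which data channels the host sees on the cable."""
    return [f"{dev}: {', '.join(ifs) if ifs else 'no data interfaces'}"
            for dev, ifs in sorted(found.items())]

if __name__ == "__main__":
    root = "/sys/bus/usb/devices"
    if not os.path.isdir(root):  # not Linux: use the constructed sample instead
        root = build_sample_tree(tempfile.mkdtemp())
    print("\n".join(report(data_interfaces(root))))
```

A phone plugged in through a working data blocker should not appear in the output at all. A phone that appears with a data interface is offering a data channel over the cable, and whether anything can be read through it then depends on the prompt described above.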
