Businesses and the general public are now very wary of charging mobile devices in public venues. The Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) just updated their guidance on the risks of using public USB charging stations to recharge mobile devices.
The concern is a cyber-theft tactic called “juice jacking.” Juice jacking is the exploitation of a device using a modified USB cable (dirty USB cable) and/or malware to compromise a device while it is charging. Since USB and Apple Lightning cables contain both power and data connections in the same cable and connector, the exploit leverages the data connections as the device attempts to synchronize data.
An Overview Of Juice Jacking
The attack itself is a hardware man-in-the-middle attack (MitM). It uses the physical connection to compromise the device using malicious software that can extract information such as passwords, contact information, emails, etc. or install malware on the device even if it is not unlocked or jailbroken.
Threat actors (or as the FCC refers to them as “bad actors”) can then use that information to compromise online accounts or harvest the information from multiple victims for sale on the dark web. In at least a few cases, the malware has attempted to entice victims with a free promotional gift, according to The New York Times.
Juice jacking is not a new attack vector. In fact, it was first disclosed in August 2011 and demonstrated at a hacking conference called DefCon, where attendees were offered free charging stations to demonstrate the attack vector. Since then, a variety of new methods have been discovered to create dirty cables and leverage exploits to enable the compromise of a charging device.
Business Implications Of Juice Jacking
While some reading this article may consider the risk to be isolated to consumers, there are real-world business impacts to employees that might be traveling for work or pleasure.
Consider the average employee that does not travel frequently for work in contrast to a hardened road warrior who typically carries a dedicated bag of cables and adapters for charging and connectivity. The infrequent business traveler may forget to pack a charging adapter in their carry-on luggage, forget to pack one for all their device types (USB C, Apple Lightning, MagSafe or proprietary) or not have an international power adapter depending on their destination.
Their only recourse is to use a public charging station in order not to be electronically stranded. If they do use one, then they and the organization face risks of malware that could compromise their mobile devices, potentially with sensitive business information, or a multifactor authentication attack.
Juice Jacking Solution for Consumers & Businesses
Now with QimaXx new wireless charging solution Qi-Wallet, consumers and business travelers do not have to be a victim of this latest cyber threat and can now use any public USB charging stations anywhere they like to charge their devices.
At Kickstarter; Coming soon:
Company Name: III Hong Kong Limited
Contact Person: Qi-wallet by QimaXx
Email: Send Email
Country: United States