What is Juice Jacking?
Alert! Do you know your Phone could be Hacked through Charging a mobile in Public stations, like Airport, Railway Station, Hospitals, and Hotels?
Juice jacking is a type of cyber attack trying to steal user credentials through phone charging.
Cybercriminals are smart; they used a public platform to hack Smartphones.
By using the Malicious Charging station, they install malware or copying sensitive data from a smartphone, tablet, or other computer devices.
A dead or dying Phone or laptop is enough to send anybody to find a way to charge the device, but you may think twice before using that cable found at an airport or other charging station or docking into that hotel USB port because behind that port many hackers could be waiting.
How it works?
According to MalwareBytes, as you may have noticed, when you charge your Phone through the USB port of your computer or laptop, this also opens up the option to move files back and forth between the two systems. That’s because a USB port is not simply a power socket.A regular USB connector has five pins, where only one is needed to charge the receiving end. Two of the others are used by default for data transfers.
Unless you have made changes in your settings, the data transfer mode is disabled by default, except on devices running older Android versions. The connection is only visible on the end that provides the power, which in the case of juice jacking, is typically not the device owner.
That means, anytime a user connects to a USB port for a charge, they could also be opening up a pathway to move data between devices—a capability threat actors could abuse to steal data or install malware.
1) A person was at the airport, and he noticed his phone battery had nearly drained, extremely low and needed charge.
2) He plugged his phone into a nearby USB power charging station at the airport.
3) After a few hours, he has received an unauthorized debit SMS of Rs 80,000 in his account.
1) They said charging ports were neither monitored nor checked and being in surveillance less condition, the fraudsters easily tamper the cord.
2) The cord contains an extra chip that deploys hidden malware, which provides access to all the information stored in his phone to the fraudster.
3) The fraudster then initiated financial transactions on his behalf and was able to view the OTP’s received on his phone and misused them.
- Always carry a charger or portable power bank.
- Immediately contact your bank in case of unauthorized debits.
- Avoid using public charging stations.
- Install an Anti-Virus solution that stops any malware to download data theft
- Switch off handset before recharging.
- Avoid the opening password pattern tool.
- Your phone should not be able to be paired with the devices it’s connected to.
- Disable data transfer feature on your mobile phones while charging.
So think before to charge your Phone at Public Stations. Awareness is the only way to stay away from Cyber frauds.
Tags
Security