Beware of Juice Jacking: Avoid Using Free Charging Stations in Airports, Hotels, or Shopping Centers

Old Banner
First coined by security expert Brian Krebs in 2011, “juice jacking” occurs when mobile devices are compromised by using free, publicly available USB power charging stations often found in airports, hotels, and shopping malls. This month the FBI released a PSA via Twitter about avoiding these free stations. Bad actors have figured out ways to use and tamper with these public USB cables/ports to introduce malware and monitoring software onto devices. Instead of using a free charging station, carry your own charger and USB cable and use an electrical outlet instead of a charging station.

Why is this more of a threat now?
Because of cost reductions in the underlying technology and a diversity of new features available in what looks like a regular USB cable. Bad actors replace the regular USB cables at these public charging stations with other cables through which they can attack your device. An example is the O.MG cable ($180), which looks identical to an Apple USB charging cable. But inside the O.MG cable is a tiny memory chip and a Wi-Fi transmitter that creates a Wi-Fi hotspot, to which the attacker can remotely connect using a smartphone app and then run commands on the device, i.e., your phone or laptop. “OMG” is right! 

The good news is that juice jacking is not yet a widespread threat. But like anything else in the cybersecurity space, once there is a proof of concept it is only a matter of time before it is exploited widely.
 

What can you do?

  • Again, avoid using free public charging stations.

  • Keep your mobile devices up to date with the latest security patches. When this vulnerability was first discovered, Apple, Google, and other manufacturers changed the way their software works; their devices no longer automatically sync data when something is plugged in. The device will prompt you to, “Allow this device to access photos and videos?” and you will have to make a conscious decision whether to give it access or not.  This highlights the importance of staying current with security updates. You always want the latest safety features!

  • If you are utilizing an older device where the battery health is no longer reaching peak performance and you find yourself charging more often, invest in a small power bank to bring with you when traveling. 

  • Take the annual “FIT Is Cybersafe” training. The training is 30 minutes long and goes over all the latest threats. Please log in here to begin.

 
About Cybersafe

The Division of Information Technology is dedicated to protecting the FIT community from the latest cybersecurity threats by providing warnings and creating awareness through training and information-sharing. Visit fitnyc.edu/cybersafe for more information. And stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.