The 'juice jacking' hack

0 41

Written by

Freelancer and IT enthusiast

2 years ago

In community: Just Write(e5e5)

Topics: Security

We live in a world where technology in fast advancing with our mobile devices like our smartphones and tablets becoming an integral part of our lives particularly our financial dealings. It will not be out of place to say that having these devices is akin to having our banks in our palm of our hands with the advent of mobile as well as internet banking while they can be used for. Thus if these devices were ever to fall into the wrong hands, it could result in financial doom for the one who lost them if proactive steps aren't taken quickly.

Criminals have since realised that our mobile devices if compromised are a treasure trove of information that could hold the key to unlocking our closely guarded finances. There's therefore a need for extra vigilance so as not to fall victim to these criminal elements who are devising innovative ways of gaining access to our devices via coercion or deception with the intent of carrying out fraud.

This brings us to a scary way via which our devices could be compromised. Although this particular hack is not new as it has been around for a couple of years, I am sure that like myself some of us aren't aware of it or haven't paid particular attention to it. The worst nightmare for any smartphone user in this world of ours where one needs to virtually always be online is for one's device to run out of juice i.e. for the device to run out of power and eventually shutdown or give the dreaded low battery prompt.

The consequence of such an unwanted shutdown could be catastrophic particularly for anyone involved in cryptotrading due to the characteristic volatility of the market where things can go sideways within the next second with open trades if not closely monitored. It could also mean missing out of time bound opportunities such as IDO's or ICO's.

If one were to be faced with dilemma of running out of juice in a public space such as a hospital, airport or park, the sight of a free charging space would surely be a source of relief. However it could also be the source of one's undoing. As demonstrated in an NBC report dated February 7, 2020, Cyber security expert Jim Stickley set up a free charging space with special hardware which allowed him to remotely access any device connected to the charging space.

An exploit aptly tagged as 'juice jacking', where the connected mobile device is jacked while being juiced i.e. charged. This hack exploits the fact that aside from being the charging interface for mobile devices, the USB port is also used for data transfer to and from them. Thus anyone such as a hacker who has USB access to the mobile device via a PC or other hardware can collect and send data to the device.

Jim showed all those who had connected to the charging space that he could remotely access their phone screens, seeing every action they performed such as the phone numbers dialled, the emails and messages viewed. Since the mobile phone screen could also be recorded remotely, any sensitive information entered such as credit card details and passwords can also be gleaned by whoever had the remote access.

Aside from what was demonstrated in the report of being able to steal personal information, hackers could also install malware that would give them the ability to remotely control one's device for cryptojacking, locking to demand ransom or other unsavoury activities like sending messages or turning the camera on to take pictures or record videos .

With these potential risks it is only wise to totally avoid topping up your device via public USB charging spaces. Your best bet remains to charge you device via an AC charging space or power bank. If you suspect that there might be instances where public AC charging spaces might not be available leaving you with only the option of using a USB charging space, then get a data blocker which will be attached to the port on the USB charging space before plugging in your USB cord for charging.

Stay safe and be cautious out there because our mobile devices are now prime targets for cybercriminals.