Not a new threat, but it still has innocent mobile users falling for its trap. In fact, the term juice splash was first coined in 2011 after researchers created a compromised charging kiosk to raise threat awareness. Various security agencies including the FBI have published advice on USB charger scams or juice hacks. In India too, some banks include State Bank of India warned its customers about the dangers of juice splashing.
Think twice before plugging in your phone at charging stations. Malware can find its way into and infect your phone,… https://t.co/NgMkyLwNN3
– State Bank of India (@TheOfficialSBI) 1575718671000
How juice jacking works
The USB port is commonly used as a means of data transmission. On most phones, data transfer is disabled by default and the connection is only visible on the power supply end. This is a system that transfers data back and forth, in the way that you can move photos, videos, or documents from one computer to another. In the event of a juice splash, the device owner cannot see what the USB port connects to. So when the phone is plugged in, if someone is checking on the other end, they will be able to move data between your device and theirs.
The two biggest dangers of juice splashing
Data theft: When a device is plugged into a public USB port, hackers can compromise that port to infect your plugged-in device. This can lead to data theft on your mobile device. The cybercriminals can then search for financial information or other sensitive details in your device using an information gathering program. This personal information can be used to impersonate you or gain access to your financial data.
Install malware: Cybercriminals can use malware apps to copy your phone data and transfer it to their devices. This can include GPS location, purchases, photos, and call logs. Hackers can also freeze your device and demand a ransom to restore it.
Tips to protect yourself from juice splash
* Avoid public charging stations or portable wall chargers
* If you must charge your phone, use a wall outlet.
* Only bring and use your personal cable.
* Use software security measures: This means always locking your phone, which will ensure that it cannot pair with a connected device.
*Another idea is to turn off your device before charging. Because the USB port can then connect to the flash memory in the device.
* Choose another method to charge your phone: These options include a power bank or an external battery.
* Use a USB pass-through: These charge-only adapters allow current to flow but disable the data pin on the USB charger. This means that while the device is charging, it will not allow data to be transferred.
Security in Iphone: AppleiOS of Security Guide An update to iOS 12.3 that defines its USB restricted mode is intended to do the following things:
“To improve security while maintaining usability, Touch ID, Face ID, or passcode entry is required to enable a data connection via Lightning, USB, or Smart Connect interface if no data connection has been established recently. This limits the attack surface for physically connected devices such as malicious chargers, while still allowing other accessories to be used within a reasonable time limit. If it’s been more than an hour since the iOS device was locked, or since the accessory’s data connection was dropped, the device won’t allow any new data connections to be established until the device is unlocked. lock up. During this period, only data connections from accessories previously connected to the device are allowed while in the unlocked state. An attempt by an unknown accessory to open a data connection during this time will disable all data connections of the accessory via Lighting, USB, and Smart Connector until the device is unlocked again. ”