In a public advisory posted on Nov. 8 (Friday), the Los Angeles County District Attorney's (LADA) Office discouraged travelers from using charging stations at airports, hotels, and other locations as hackers are using public ports and cables to access personal data.
When 'Free' Offers Come With a Price
In an Instagram video posted on the next day (Nov. 9, Saturday), Deputy District Attorney Luke Sisak warned the public about the dangers of free charging.
"A free charge could end up draining your bank account," he said. Sisak even used the hashtags #FraudFriday and #scamalert to encourage users to spread awareness on social media.
Liviu Arsene, a cyber-security expert, reported that juice jacking "exploits the fact that somebody doesn't have a full battery."
When a phone or a laptop reaches the end of its battery life, anybody will rush to find a USB port or cable to charge the device. With the rising number of victims falling to charger scams, you might want to stop and weigh in your options first: is whatever you are doing on your device more important than your data security?
Mr. Arsene added that the public should also be wary of USB cables given away as promotional gifts.
"You can easily brand these things so you can make it look like any other cable," he said. "When people see it, they don't really think or expect it to be malicious in any way."
Juice Jacking: The Digital STD
In an article posted by GritDaily, they described juice jacking as everyone's 'phone's newest STD this holiday season.'
Juice jacking is not new. The term was first coined in 2011 when investigative reporter Brian Krebs wrote about an informational charging kiosk at DefCon 19. The kiosk, designed by Wall of Sheep researchers, was created to present an unspecified potential attack vector that could perform malicious actions on the charging devices.
Today, the term is widely used to describe any kind of exploitation carried out through USB ports or cables. Hacking begins the moment the unsuspicious users connect or plug their devices into these malware-infected tools.
According to The Times, once the malware gets in the device, hackers can already read and export data, including your passwords and personal information. The malware can even lock up your laptops or cellphones, making your device unusable. By the time you reach a service center to have your phone seen by a technician, hackers could have well-used your data to access your bank accounts.
How to Protect Yourself From Charger Scams
The best prevention to avoid the 'digital STD' is to use a digital condom. USB condoms or USB adaptors make the charging-only function possible, disabling the data transfer pins on the port.
For Mr. Arsene, users must bring their own charging wires wherever they go, charge directly from an electrical outlet, and use only portable batteries brought from trusted vendors.
For the people at LADA, it's also wise to keep a portable charger for emergencies. If you really need to charge your device but do not have a USB adaptor, one solution is power off your device before plugging it into the public charging port. It's not a foolproof idea, but it works for most phone devices.