Mobile security alert: Juice Jacking
Every time we get something nice, it seems like someone comes along and ruins it. Newest case in point: public phone charging stations. They’re a blessing when you’re low on juice and trying to stay connected, but they’re increasingly unsafe because they may harbor malware that’ll hack your mobile device. Malicious software gets into your phone through the same cable used to charge it, whether it’s Apple’s proprietary cables or the Android standard USB miniB.
It’s called “juice jacking,” because everything awful gets a clever name these days. It works because USB mini and Apple’s version of the cable carry both power and data. Plugging your power-starved phone or laptop into a public charging kiosk or using an unfamiliar charging cable can expose your device to malicious software stored on the cable itself.
This malware runs the gamut from sniffer software that installs itself invisibly then watches what you do with your device and reports your actions to a third-party via WiFi or Bluetooth to code that slurps down your private data (contacts, photos, files, and passwords) while your device is juicing up.
While the chance of getting juice jacked is pretty small, it’s not negligible. It’s a risk for workers who rely on their mobile devices to send and receive sensitive client information via phone, tablet, or laptop. Sound familiar?
So how do we protect ourselves from this threat? Fortunately, a little common sense and thinking ahead will keep your devices malware-free.
- Bring a Charger - Pack your own charging cable and adapter. That way you know where they’ve been.
- Use a Stupid Power Source - Plug your adapter and cable directly into a wall outlet. These old-fashioned sockets do exactly one thing: transmit electricity. When you’re plugged into the wall with your own equipment, there’s no chance that a malicious computer is back there somewhere vacuuming up your sensitive data.
- Keep Your Software Updated - It’s 2018. Do we really have to say this? Update your software. On everything. All the time. Old software is just asking for trouble.
- Carry a Backup Battery - They’re small, they’re cheap, and they can save your bacon when you can’t find a safe place to plug in. It’s always a good idea to take one of these along. If, of course, you remembered to charge it before you left on your trip.
- Buy a Data-Locked Cable - These specialty charger cables are available for both Android and Apple devices. They don’t allow data to flow, just sweet, sweet electrons. A great idea for safe on-the-go charging.
- Watch Your Alerts - If you absolutely must use a public charging station, pay close attention to any alerts your device flashes. If you see a “Trust This Device?” alert, unplug that charger immediately - there’s a computer on the other end trying to install software on your device. Not cool.
So pay attention, be prepared, and think ahead! Good advice for travelers all-around, and particularly good for those safeguarding their own sensitive data and that of their clients.
And if you suspect your phone has been jacked, reset it. And not a soft reset: a full factory-original reset. DON’T make a backup right beforehand, you’ll risk spreading the malware. Sure, resetting your phone is a huge pain and you’ll lose your contacts and apps and be re-downloading forever. (Unless you make a habit of backing up your devices on the regular.) But it sure beats giving your sensitive data to juice-jackers!