14 Feb 2020

“Juice Jacking” and Safe Charging

You’re a good soldier when it comes to keeping your info safe and secure:

  1. You encrypt your email (of course using RMail’s simple to use, award winning email encryption).
  2. You create a super long and complicated password that not even you can always remember.
  3. You take the time to clear your browser cookies on your mobile device.
  4. You never click links in email that can lead to scams.
  5. And, obviously, you read Tech Essentials weekly so you are aware of the latest internet hacker tactics.

But there is a newer front in the war to keep your personal info safe, and you may not know about it yet…

Picture this: You are out and about and realize that your phone battery is very low. Conveniently, you see a public phone charging station just where you need it. You plug in your phone, relieved to get your battery charge into safe territory–just above 20%. However, if you happened to use a charging cable of unknown providence or even simply plugged your own cable into an amazingly conveniently located “impostor” USB charging port, you may have opened up your phone (and its contacts, phone logs, message and text content, and private photos) to a hacker farm half a world away.

These hacker farms then use special filters to find nuggets of information to target you in the future. And, you will not even know you are now exposed. This new-ish type of attack is called “juice jacking”, and the NYT has a recent piece on it.

The concept is simple. Leading smart phones on the market have been designed to utilize the same port for charging the phone as data transfer. This opens the opportunity to trick a user in need of a charge to expose their phone’s data port via USB. You plug in and get new phone charge, all-the-while your data is sucked out and sent to who-knows-where.

There are some precautions, the most novel of which is using a “USB Condom” that disables the data pin used on a USB charger. Thus, your device will ONLY charge via USB but will not transfer data. An even simpler tip is to only use regular wall power outlets with an outlet plug (not plugging directly into USB charging ports) when charging your devices. The extra weight of carrying around a portable charger for emergencies may save you big.

The juice-jacking attack is a uniquely 21st century problem, as it encompasses facets of information security; including security design, user awareness, attacks against system code, as well a bit of social engineering. Yet in some ways juice jacking takes this all a step further in that, unlike phishing/whaling where there is usually a deceptive email exchange, all you have to do to surrender your personal information in this case is to plug your phone into the wrong place.

While we won’t be selling USB condoms anytime soon, you can always count on RMail’s ironclad protection to secure your most sensitive information when sending email. It’s easy to use and provides true direct delivery of your encrypted message and attachments into your recipient’s inbox. You can try it out for free here anytime.