What is Juice Jacking? How to Avoid the New Cyber Threat

As Friday rounded the corner last week, our team’s Group Editorial Director mentioned how he’d recently purchased USB data blockers and how a cybersecurity threat called “juice jacking” has been turning heads. Normally, I may’ve cracked a small joke related to “juicers” at gyms (or I might’ve even made a juice-oriented pun, smoothie-wise), but upon hearing more I’m glad I reserved any witticisms, as this is quite the serious topic.

If you’ve yet to hear about juice jacking and the dangers therein, I encourage reading on.

When we travel – especially in airports and hotels – finding a free USB charging station can become a hurried game of I Spy in order to recharge your phone or other portable device(s).

Enter the cyber-theft tactic known as juice jacking. Cyber attackers know not just how handy USB charging ports are, but how abundantly they pop up. Unfortunately, these bad actors have figured out how to plant malware and monitoring software onto our devices via USB charging ports in airports, shopping centers, hotels, etc. According to the FCC, “criminals may have intentionally left cables plugged in at charging stations. There have even been reports of infected cables being given away as promotional gifts.” (The FBI has also expressed concern.)

This concept – juice jacking – was first coined by a cybersecurity analyst back in 2011, but now it’s made a pseudo-comeback, of sorts. (And a dangerous one, at that.)

So, what can be done? After all, while we’re on-the-go busy while traveling, discerning a fake charging setup from a real one hasn’t exactly been a top-of-mind topic we’ve been trained on. (Especially since these fake stands will actually charge your phone, all the while installing malware or siphoning sensitive data like account passwords and credit card information.)

“It’s right for the FBI to warn about this,” says Adrianus Warmenhoven, a cybersecurity advisor at NordVPN. “Up until very recently, a lot of security researchers thought this wasn’t all that feasible for attackers. Because, in order to carry out an attack this way, the criminal must physically alter a USB port.”

But now, it’s happening.

Tips that may help you avoid becoming a victim of this new juice jacking include:

• Carry a portable battery charger or external battery brick of your own.
• Bring along your trusted cables; AC, car chargers, USB and so on.
• Use, as mentioned, a device called a USB data blocker.
• Completely power off your device(s) before opting to plug into a kiosk.
• Pick an available power outlet, instead.

When plugging a device into a port, a prompt will usually appear asking you to select either “Share Data” or “Charge Only” – as expected, experts point to the latter.