You’re away from home and your car when you look down at your phone which is alerting you that its battery is dying. Ruh-roh, what to do? Quick, find a handy public phone charger, right?
Wrong! If you are thinking about plugging in your cell phone in a public place – airport, hotel or shopping mall, for example – think again. There is a serious scam out there called juice jacking that allows hackers complete access to your portable communications device.
The term comes from a combination of “juice” – electrical power – and “jack” – steal. The data thieves have figured out how to hijack your cell phone without any personal contact.
The criminals write computer programs called malware (bad software) that are quick and easy to install into free public charging stations. When you arrive at the kiosk, the charger looks normal.
But once you push your power plug into the charger’s receptacle, the malware loaded into either an infected charger or cabling the hackers left behind kicks into gear and immediately infects your phone, shunting all of your phone data to Hacker Central.
Within minutes, the intruder code can lock you out of your own device as the hackers make off with your precious private information. Your phone numbers, addresses, location history, account names, numbers, and even passwords all become visible on the hackers’ remote screen. They can see pictures of you and your family and know their names.
These hackers can steal a full backup of your phone with all its contents.
This is so not good.
The Los Angeles County District Attorney’s Office agreed that avoiding using public USB charging stations at airports and other locations is a safe practice and gave the following tips:
- Use an AC power outlet rather than a USB charging station.
- Take AC and car chargers for your devices when traveling.
- Consider buying a portable charger for emergencies.
You can also plug your phone’s USB cord into your laptop’s USB port to charge your phone when you’re traveling without an external charger.
LA County’s Deputy District Attorney Luke Sisak warned that using a free public USB charger could “end up draining your bank account.” Investigators from his office know hackers who are involved in identity-theft schemes and say the miscreants have the computer skills needed to tweak a public USB charger station.
LA County’s top prosecutor Sisak said the scam is working because people haven’t heard of it:
“It’s something that people should be aware of. And they mostly don’t know that it is.”
After all, who would suspect that a public phone charger had been subjected to criminal tampering?
Furthermore, a lot of people don’t realize that a charging port is how their phone transmits (sends and receives) data.
Juice jacking works a lot like skimming credit card information at gas pumps or other public venues. Avoid habitual use of the charging cables provided in ride-share vehicles, hotels, and internet cafes.
Be suspicious if your phone displays the message, “Do you trust this computer?” because no normal charger ever does that. This is your phone asking for your permission to let the hacking computer steal all your data. On any device other than your home computer, always answer this question “No.”
If you simply must use a public phone charger outlet, look around for obvious signs of tampering. If you spot anything hinky, move along. You can also tug gently on the outlet to see if it pulls away readily from the wall. Some hackers don’t bother to screw in their temporary data-capturing devices.
Cybersecurity expert Jim Stickley set up a simulation along the Port of San Diego in Southern California. The cracker (a hacker who works for good) installed customized hardware in a homemade charging station that he set up, letting him watch and record everything displayed on the screen of each connected phone.
NBC News correspondent Vicky Nguyen agreed to play the part of Stickley’s first victim. As he observed her shopping online at Home Depot, the hacker said:
“Now we get to the best part. She’s actually entering in her credit card number.”
Over the next four hours, dozens of unsuspecting people stopped at Stickley’s makeshift charging station to juice their phones. Understandably, some of them were shocked to learn it was all a setup.
One of the would-be victims, a woman named Ruth, called the malware “dangerous” after seeing her personal Facebook messages appear on someone else’s screen.
It’s worth spending more money when you are shopping for a portable charger to get one with longer battery life. The cheap ones die really quickly.
You can also buy a “USB condom” for about $10 that blocks the data pins on the end of a USB cable, allowing only power to flow from an outlet to an attached device. The Original USB Condom ” prevents accidental data exchange when your device is plugged into a foreign computer or public charging station with a USB cable.”
The ultimate solution to juice jacking is to shun public phone chargers and opt for plugging into a power outlet.
Forewarned is forearmed – keep your data safe from cyberthieves!