Buy Books From Publications Division Website |   e-Subscription  
twiiter-logo
Employment News
Subscribe print version with complimentary e-version @Rs.530 per annum; Subscribe only e-version @Rs.400 per annum. || !! ATTENTION ADVERTISERS !! Advertisers are requested to give full details of job Vacancies/ Minimum size will now be 200 sq.cm for shorter advertisements || Click here to become an e-resource aggregator of Publications Division || New Advertisement Policy || ||

Special Content


Issue no 51, 16-22 March 2024

Understanding Juice Jacking: A Cybersecurity Threat

Whether you're shuttling between home and work, navigating different cities, or embarking on a leisurely trip, your mobile phone is a constant companion. However, this apparently routine activity is not devoid of risks, especially when relying on public USB charging points.

The Reserve Bank of India (RBI) recently issued a warning about the risks of "juice jacking," a cyber attack targeting mobile users charging their devices at public USB ports. This advisory highlights the increasing threat posed by cyber criminals in public spaces like airports, hotels and shopping centers, where unsuspecting users may connect their devices for a quick charge, unknowingly exposing themselves to potential data theft or malware infection.

Cybersecurity experts cau-tion that malicious actors may discreetly introduce malware into these public charging ports. Upon connecting your device, this malware can be used to take control, pilfer personal information and extract passwords. Subsequently, malicious entities may exploit this acquired data to infiltrate online accounts or engage in unauthorised transactions.

What is Juice Jacking?

Cyber criminals are exploiting vulnerabilities in various ways, breaching internal security and often, citizens remain unaware of the threats looming over them. Juice Jacking is one emerging method gaining prominence in the series of cyber crimes.

Juice jacking is a form of cyber attack where hackers manipulate public USB charging ports, either infecting them with malware or making hardware changes to steal data from connected devices. Incidents of juice jacking have been reported in public places like airports, hotels and shopping centers, making it a growing concern for individuals.

This cyber threat is likened to the ATM card skimming exploits of the past, as both involve users depending on the safety of the compromised hardware.

How Juice Jacking Works?

Juice jacking is made possible due to the inherent design of Universal Serial Bus (USB) technology. A single port serves a multitude of functions, allowing users to both charge or power a device and transfer data to and from it. If you recall the days when each peripheral required its own unique cord and port, you'll appreciate the increased convenience brought about by this unified approach. However, this convenience introduced a new vulnerability: unintended data exchange during power charging. Remember in the early 2000s, mobile phones automatically enabled both functions upon connection.

 Phone manufacturers have since addressed this concern by incorporating a prompt that seeks user permission for data exchange. Both iOS and Android have updated their devices to warn users during charging, providing an option to trust or distrust the charging port, power bank, or charging process, further enhancing user security. This is exemplified by the "trust this device" message displayed when connecting a phone to a computer. Notably, if the phone is plugged into a power source alone, this message should not appear. Opting not to trust the device prevents data exchange while allowing the phone to charge. This iterative process aligns with the standard procedure in technological advancements: identifying vulnerabilities prompts manufacturers or developers to devise effective solutions.

How Juice Jacking Harms?

·         Data Theft: Users may not realise that sensitive information, such as passwords and contacts, has been stolen during a juice jacking attack.

·         Malware Installation: Significant damage can occur, including manipulating the device, spying on the user, or stealing information.

·         Multi-device Attack: Devices charged by infected cables can become carriers of viruses, infecting other cables and ports.

How to Prevent Juice Jacking?

To avoid falling prey to juice jacking, users can take several precautionary measures:

·         Always use AC (Alternating Current) power outlets to minimise potential risks while travelling.

·         Pack AC and car chargers, along with your personal USB cables.

·         Carry an external battery (power bank) as a crucial backup power source.

·         When connecting to a USB port, consider using a "charging-only" cable from a trusted supplier to prevent data transfer during charging.

·         Prioritise choosing "charge only" if prompted to select options like "share data," "trust this computer," or "charge only" for enhanced security.

·         Avoid using chargers left plugged into public outlets.

·         Ensure that mobile devices and software are regularly updated.

·         Exercise caution by never accepting free promotional charging devices or devices from unverified sources.

Compiled by: Sudhit Mishra,  EN Team

Source: rbi.org.in