Close
Close menu
Table of content
Close menu
Reading tools
Close menu
Share this article Share on telegram Share on whatsapp

New Asus Routers Connects to VPN

What is juice jacking? Juice jacking is a cyberattack where a public USB charging port is used to steal data or install malware on a device. Juice jacking attacks allow hackers to steal users’ passwords, credit card information, addresses, names, and other data. Attackers can also install malware to track keystrokes, show ads, or add […]

author Elena
April 3, 2024 4 minutes Read

What is juice jacking?

Juice jacking is a cyberattack where a public USB charging port is used to steal data or install malware on a device. Juice jacking attacks allow hackers to steal users’ passwords, credit card information, addresses, names, and other data. Attackers can also install malware to track keystrokes, show ads, or add devices to a botnet. The term “juice jacking” was coined in 2011 by investigative journalist Brian Krebs after he conducted a proof-of-concept attack at DEFCON. Hackers infect the USB port or the charging cable before the user connects. Once your phone is connected and charging, the attacker can upload malware to your device, initiate data transfers, or monitor your keystrokes. Let’s look at how juice jacking attacks work in more detail.

How juice jacking works

Juice jacking exploits a device’s vulnerability when it’s connected to a public charging station. Most attacks target mobile devices, such as Android and iOS phones. Older Android versions are particularly susceptible to juice jacking attacks. juice jacking When you charge your phone by connecting it to your laptop’s USB port, you can also transfer data between the two devices. That’s because USB ports are not just power sockets: they have multiple pins, but only one is needed to charge your device. Two of the other pins are used for data transfers.

Types of juice jacking

Several types of juice jacking attacks exist, with differences between each attack method. Here are the four main juice jacking types:

Data theft

Data theft juice jacking is when a hacker steals data from your device while you’re charging your phone using a USB port. The process is typically fully automated, so you probably won’t see a suspicious-looking character lurking nearby and waiting to transfer your personal data onto their device. Hackers often use crawlers to search your device for personally identifiable information (PII), banking details, or account passwords. They may also use malicious apps to clone all your mobile device’s data to another phone. This method includes using additional hardware (e.g., a Mac or Windows computer) as an intermediary. After cloning your data, cybercriminals can harm you in many ways, from identity theft and impersonation to financial damage.

Malware installation

Cybercriminals may also use juice jacking to install malware or viruses on connected devices (e.g., adware, ransomware, spyware, or trojans). Each malware type can be used by hackers in different ways. For example, ransomware may encrypt your files so that the criminals can ask for ransom, while spyware allows hackers to monitor and track your activity over a longer period. Cybercriminals may also use malware to steal personal information and gather data like social media interactions, photos, or call logs. Many of today’s malicious software is designed to be indetectable, so a user may never realize they have malware on their device.

Multi-device attack

A multi-device juice jacking attack also infects your device with malware. However, on top of infecting your mobile phone, it’s designed to continue spreading malware without hackers having to do anything. Once your device is infected, it becomes a carrier designed to infect other USB ports. Multi-device attacks allow cybercriminals to scale up their attacks and infect multiple devices simultaneously.

Disabling attack

A disabling juice jacking attack locks the device owner out of their device, giving full access and control to the hacker. When the phone is connected to the infected USB cable, the attacker loads malware onto the device, disabling it so the user can’t access it anymore. They won’t be able to do anything even if they notice suspicious activity on their phone.

Where juice jacking attacks can occur

Juice jacking can happen in any public place that provides USB charging stations, including:
  • Airports.
  • Hotels and hostels.
  • Charging kiosks.
  • Coffee shops.
  • Train stations.
You may think that hackers only target places offering a free charge, but that’s not always the case. Even the public charging stations that you typically have to pay for may have malware installed.
Related articles