How to Sign In
Cengage Technology & Computing Blog
cancel
Showing results for 
Search instead for 
Did you mean: 
X
Juice-Jacking
Scholar
307 Views
6 Comments

You've just made it through TSA airport security and are headed to your gate. You notice that your smartphone needs charging so you can binge-watch all those movies on your long flight. But as you search for your phone charger cord suddenly panic sets in! You realize that you left it at home. And you're not about to spend $20 at one of those airport stores for a cheap phone charger cord that you can buy online for $7. But the last thing you want to do is spend the entire time on the flight reading an in-flight magazine while you listen to the person sitting next to you talk for three hours about swimming with the dolphins on their latest vacation.

 

What can you do?

 

You could hunt for two lemons and some galvanized and steel nails to build your own phone charger (yes, you really can). But just imagine what TSA would think when they see you building something like that.

But look! There's one of those free quick-charge cell phone charging stations over there. You rush over and see just the cable you need dangling free. It's just inviting you to plug in your phone to charge it. Problem solved! You smile to yourself that soon you'll be all charged up and ready to go.

 

What could possibly go wrong?

 

Well, the answer is "juice-jacking."

 

In a recent interview with Forbes Caleb Barlow, Vice President of X-Force Threat Intelligence at IBM Security, warned that their research is showing that a growing number of nation-state cybercriminals are taking to airports and training their sights on travelers. In fact, the transportation industry is now the second-most attacked industry, up from tenth place in 2017. Why? It's because travelers carry a "goldmine of data" (passports, payment information, and detailed travel itineraries to name a few) that threat actors want to get their hands on.

 

Barlow also raised a warning about those free quick-charge cell phone charging stations that are common in airports. These same cybercriminals could modify the USB connections of these charging stations. How? On a bigger scale they could infiltrate the supply chain as these devices are being built and insert their malware (that has happened before). Or they could just insert a tiny device between the end of the legitimate cable and the connection for a smartphone (another common trick). However they do it, the attackers could then exfiltrate (download data from your phone like contact lists, photos, text messages, emails, corporate documents that you have downloaded, etc.) or infiltrate (upload and install malware onto your phone) your smartphone.

 

Barlow puts it this way: “Plugging into a public USB port is kind of like finding a toothbrush on the side of the road and deciding to stick it in your mouth. You have no idea where that thing has been” (and doesn't that leave you with a mental picture that you would soon like to forget!).

 

In the security world this is called juice-jacking.

 

Here's the technical backstory. At one time there were dedicated charging ports on our smartphones that required us to plug in a special phone charger that connected to a wall electrical power outlet. Those days are long gone. Today smartphones have USB ports that double as data ports and charging ports. By plugging your phone into that airport charging stations you may not only get electrical current to your phone but also unwanted malware coming in or your personal data going out.

 

What can you do?

 

There are small devices that look like a USB flash drive that you can insert between a portable device and the charging port. These devices block the USB data pin connections so that only power can go to the device. They have names like the Juice-Jack Defenders and SyncStop and usually cost between $7 to $12. They are commonly used to help prevent an infected USB flash drive from infecting a computer (or vice versa). However, these devices have "full size" USB connectors (USB-A) and not the Mini-USB or Micro-USB connections that are found on smartphones. Thus, they wouldn't work for protecting your smartphone from an infected cell phone charging station.

 

There are a couple of options. You could purchase a cable that connects to your smartphone on one end and to a wall power outlet on the other end so that you could charge your smartphone directly from the wall outlet. Unfortunately, an available wall power outlet is sometimes hard to find at a busy airport.

 

Perhaps the best solution is to purchase a portable power bank, which is essentially a battery that you charge and then carry with you to charge a smartphone. You will probably want a 2.4 amp / 12 watt / 15k mAh device. This can charge a single smartphone quickly and up to five times before the power bank itself must be recharged.

 

Whichever of these options you decide upon you might consider just leaving it with your luggage in the closet. That way you won't forget it the next time you leave home.

 

But the question comes to mind of how serious is this risk? Well, the risk is certainly there, albeit fairly small for now. But as attacks against travelers become more frequent we may see more of these attacks occurring, so protecting ourselves is certainly not a bad idea.

 

(And thanks to Danielle Klahr, Cengage Product Specialist, for bringing this to my attention)

 

6 Comments

Also thanks to @SamBest for the topic! Great article, Mark!

Commenter

Thanks Mark. I will be sure to take my  battery pack on my travels this summer. 

Jim

Valued Contributor
Thanks for the information, What would you suggest for charging an android tablet?
Commenter

Search for a portable phone charger (battery) and you can choose from many. As long as your tablet uses a USB  charging cable any one will work. That way you are not dependent on having a plug available and you can even use it on the plane (or whatever your mode of travel)

 

Scholar

Here are a few things to consider when selecting a power bank for an Android tablet or for any device:

  • Start by determining what connector your portable device has for charging: Micro-USB or USB-C are the most common today. The larger capacity power banks will support multiple types of connectors.
  • A power bank with a capacity of 3,500mAh or less will probably only give you one charge.
  • Power banks with more capacity are also physically larger. A small power banks that fits in a pocket will typically give you one or maybe two charges, while the larger banks will have to be stored in a bag or a purse.
  • If speed is an issue, then a USB-C usually will charge faster (of course, your device needs a USB-C connector).
  • Still on the issue of speed, there are some standards that may help (if your device supports one of them). Samsung's Adaptive Fast Charging and Qualcomm's Quick Charge can charge faster (by increasing voltage rather than amperage) but Fast Charging only works with certain Samsung devices and Quick Charge requires that your device has a compatible Qualcomm Snapdragon chipset. A newer protocol is called Power Delivery.
  • Pass-through charging is a nice feature that lets you charge devices connected to the power bank while the power bank itself is being charged.
  • New power banks support wireless charging so you don't even need a cable; just rest your phone on top of the power bank.
Contributor

Thanks for the great information! We used power banks on our recent travels through the UK, but that decision was based on being able to charge while traveling on the trains among other things. It is good to see we may have also been protecting ourselves without being aware of juice-jacking.