This holiday season, be careful where you charge your device! Free charging stations are becoming increasingly common and can pose serious dangers. They can be found in airports, restaurants, shopping centres and even on public transport.
And, as always, taking advantage of a need, there are cyber attackers.
It’s not that the restaurant owner wants to get into our phone to give himself a good review. The problem with these charging areas that can save us from so much trouble is that they are public and thus vulnerable.
Can you charge your phone?
If you have no other choice, yes.
But remember:
- It is imperative that you make sure you have the data transfer option disabled on your device.
- On some devices, the “charge only” option is usually the default, but it is a good idea to check this.
- On others, you may notice that whenever you connect the cable to a computer, a message appears asking if you want to trust that device and let it access your photos and videos.
- In the latter case, seeing this message on a public charging port should set off our alarm bells and, in any case, answer ”Do not allow”.
How do they alter charging points?
Sometimes, cybercriminals use this vulnerability to turn a simple point to recharge your battery into a window for an attack. As they are open to everyone, a malicious user might be able to modify them in such a way that when they charge your device, they can install malware on it.
It is also common to leave a carefully “forgotten” cable to one of these ports and, in an emergency, think of using it to charge our mobile phone. As we can imagine, this could lead to serious problems on our device and be a danger to our data and that of our organisation.
Through this technique, which has been baptised as juice-jacking, attackers manage to install malware on the device that is connected to the charging point (usually via USB), but they are also able to obtain sensitive data from our device, such as passwords or sensitive information.
To better understand how this happens, we need to understand how a USB works. Even though we use it in our daily lives, do we really know how it is made?
If we take the nearest cable we have —we are sure we have one not too far away while we are reading this article—, we will be able to see the four pins it is composed of (some versions may have increased the number). Well, two of the pins are responsible for charging our device, but, apart from this, the other two are responsible for data transfer. This is what cybercriminals take advantage of to easily steal information from our devices.
A similar attack to juice-jacking, and perhaps even more dangerous, is video-jacking, which consists of recording the screen of our device and sending it via the same method, uploading via a manipulated USB. In this case, anything we do or see on our phone will also be visible to the cyber-attacker, who will be able to take advantage of our data.
Alternatives and tips
- Use power banks.
- Always carry your own cable and adapter.
- There are USB data blockers. These are devices that allow power to pass through to charge your device, but block data transfer.
- Also, as mentioned above, make sure you have the “charge only” option activated on your device.