Nefarious technique could steal your valuable data and drain bank accounts

Mysuru: A dead or dying phone is enough to send anybody on a mad dash to find a way to charge the device. But think twice before using that random cable or a USB port found at the charging stations kept at bus stands, railway stations, hotels, shopping malls and even airports as hackers could be waiting to steal your data.

Unless charging points are simple power sockets, the USB (Universal Serial Bus) cables provided at such places could surreptitiously copy sensitive data from a smart phone, tablet or any computer device. Such malicious hacking is called Juice jacking — a type of cyber attack involving a charging port that doubles up as a data connection/ collection point.

Could drain a bank account

Free charging from a public USB Port could end up draining bank account of a naive user. Juice jacking happens when unsuspecting users plug their electronic devices into USB ports or use USB cables that have been loaded with malware. The malware then infects the devices, giving hackers an easy access to your data stored in mobiles and laptops.

This setup allows for Juice jacking during the charging process whereby user access is gained on your phone by leveraging the USB data/ power cable to illegitimately access your phone’s data or inject malicious code onto the device. The attack can be as simple as an invasion of privacy, wherein your phone pairs with a computer concealed within the charging kiosk and information such as private photos and contact information are transferred to a malicious device.

Even passwords can be read

At a time when everyone is using online payment or digital method to pay bills, transfer money and to order food, hackers can then read and export data, including passwords, and even lock up the gadgets, making them unusable. Juice jacking exploits the fact that somebody doesn’t have a full battery, say cyber security and anti-virus experts.

Once a device is paired to a computer, it can access a host of personal information on the device, including your address book, notes, photos, music, SMS database, typing cache, and even initiate a full backup of your phone, all of which can be accessed wirelessly at anytime. 

A few such Juice Jacking cases have come to light in the State where people have lost valuable data and have lost money to hackers. Like scammers who steal debit card numbers by putting illegal card-reading devices, or skimmers, on ATMs, hackers can easily rip out USB ports and replace them with their own malicious hardware, said a cyber security expert. 

People want the convenience of charging their phones and tablets wherever they go. Bengaluru has seen 60 data theft cases in 2017, 68 in 2018 and 142 in 2019 indicating a progressive increase year-on-year. Meanwhile, the State Bank of India, India’s premier financial institution, has warned people not to use USB ports to charge their devices in public places. 

‘USB condoms’ for data privacy

Devices dubbed as ‘USB condoms’ are increasingly getting popular. USB condom or USB data blocker is a simple device that blocks data transfer when connected to a smart phone or tablet (in a public place) and just allows electricity to pass through it for charging the battery. These devices cost anywhere around Rs.500 and can be purchased online.

It simply needs to be connected to the USB cable and which prevents data transfer when the mobile is connected to a public USB charging station. In other words, this device simply converts your USB cable into a mere charging cable, blocking data transfer. USB condoms are becoming an important accessory because there is a sudden rise in Juice jacking.

Will take action: City Top Cop

Reacting to a rather new trend of data theft crime through Juice jacking, City Police Commissioner K.T. Balakrishna told SOM that people must be wary of USB ports masquerading as chargers in public places. “So far there has been no such incident of Juice jacking in Mysuru and in case of thefts, people must immediately file a Police complaint. We will hand over the investigation to Cyber Crime Branch of Mysuru City Police,” he said.

How to avoid Juice jacking

• Keep your devices charged: Make it a habit to charge your phone at your home and office when you’re not actively using it or are just sitting at your desk working.
• Carry a personal charger: Chargers have become very small and portable, from USB cables to power banks. Get one so that you can charge your phone anytime and anywhere.
• Lock your phone: When your phone is truly locked as in inaccessible without the input of a pin or equivalent passcode, your phone should not be able to be paired with the device it’s connected to.
• Use power-only cables: These cables have only wires for power transmission. They will charge your device, but data transfer is made impossible. 
• Use USB condoms: Use attachable protective devices on USB cables known as USB condoms.