If you are planning to fly off somewhere this holiday period, beware if your mobile phone is low on battery. There are plenty of public USB charging stations around airport terminals, but are they safe to use?
Thousands, or sometimes even millions of people pass through airports every single day. These are not all just holiday makers or business travellers – some could even be cybercriminals! Furthermore, these criminals take advantage of the vast numbers of people using public USB connections to juice jack!
What is juice jacking?
Juice jacking is not only unique to airports. It can happen in any area where there is access to public USB connections. This can be bus stations, cyber cafes, hospitals, hotels etc. Cybercriminals use the juice jacking technique to access other people´s devices. They do this without their knowledge or consent. Furthermore, they can steal data, or install malware onto their devices.
Real life case
The OSI (Oficina de Seguridad del Internauta) advises of a real case. The example is that of Lucía, who did not have time to charge her electronic devices fully before leaving for the airport. Upon arrival at the terminal, she decided to connect her mobile to a charging point.
After charging for a while, a notification appeared on her device. Without giving it much notice, she clicked “Accept” thinking that it was a notice regarding charging the phone. But, then, looking at the screen, she could see how some applications, such as email, were running automatically as if someone was using them. However, when she disconnected the device, everything returned to normal. Lucia was not sure if her mobile had been infected by some type of malware from the charging station. But, at the end of her trip she decided to restore her device to factory settings to prevent future problems.
In this case provided by the OSI, Lucía had no major complications other than having to reset her device. However, there was the possibility of being part of a data leak and/or malicious actions with her device. In that scenario, it could have compromised her confidentiality or even caused legal problems.
The risks
According to OSI, malware infection techniques are becoming more sophisticated, installing themselves in the system partitions of the mobile (invisible to users), thus being able to survive even if the mobile is wiped.
Furthermore, the risk of information theft is high since the cybercriminals can gain access to any data on mobile phones. This includes photos, location, call history, application data, files, bank information, digital certificates, and more.
Protection
If you need to use your mobile while you are in an airport;
- Ensure you have sufficient level of charge in the battery
- If you anticipate that the battery will not last, take a portable external battery
- Don’t plug your phone into any USB port on a device you don’t control, such as public charging stations
- Disable data transfer and/or the USB modem from the developer options, if you have them activated, in the “Options” menu
- Reduce its use as much as possible while you remain in these places.
But, what if you need to charge your phone?
If you need to charge it urgently in a public place, the OSI recommend:
- Not to leave it unattended
- Lock the screen while you charge the phone to minimise data transmission
- Charge it for the minimum necessary time
- Do not accept connection requests to your device if a notification appears asking for it
What to do if your mobile may be infected?
If you believe your mobile device has been infected, you can carry out a series of checks:
Firstly, turn it off. This will prevent data transmission and prevent the malware itself from continuing to function. Change all the passwords of any apps you were using in it and block all linked bank cards.
However, if you are unable to fix the problem yourself, contact professionals who can. The OSI make their resources available to all users to raise awareness and be able to avoid this type of situation. Furthermore, you have access to INCIBE’s “Tu Ayuda en Ciberseguridad” service, free and confidential, to consult your doubts and problems.
Also read: Interpol Cybercrime awareness campaign #YouMayBeNext
