"Juice jacking" could compromise users' devices even without them granting data access through public USB chargers

mylesillidge

mylesillidge

Journalist
Joined
Jul 29, 2021
Messages
3,897
Reaction score
4,116
South Africans warned about public USB chargers

South Africans should avoid using USB ports in public places such as hotels and airports to charge devices like smartphones or tablets.

Many small electronics are capable of charging off a USB connection with much less power than what can be provided through a regular AC power socket.
 
first you will have to find one, and then it probably will not be working, or will have something plugged into it anyway. Easiest fix is to plug in your power bank and charge that, because 99% of the power banks do not have anything more intelligent than a charge controller built in, and it does not care about the USB connection.
 
The more advanced technology becomes the worse it is. And here we thought technology would free us. I must admit that I have never used free WiFi and never will, but I never thought about using a USB charging socket being dangerous, New day, new nightmare it seems.
 
Justanotherguybythesea said:
first you will have to find one, and then it probably will not be working, or will have something plugged into it anyway. Easiest fix is to plug in your power bank and charge that, because 99% of the power banks do not have anything more intelligent than a charge controller built in, and it does not care about the USB connection.
Click to expand...
Every time I buy a power-bank, the wife wonder off with it and I never see it again.
 
I don't know about Android but iOS always prompts to trust a cable trying data? If you don't reply it only allows charge?
 
Pretty easy to circumvent.

Hotel USB --> USB power bank with pass through --> my device.

But most won't do this as it's not convenient etc etc
 
PCWARITM said:
Well no, in theory you can supply 220v through that cable and fry any phone, but you'd have to compromise the equipment to start with, so yes it's possible, but no, it's unlikely.

Marcus Hutchins' take on it:

www.linkedin.com

Sign Up | LinkedIn

500 million+ members | Manage your professional identity. Build and engage with your professional network. Access knowledge, insights and opportunities.
www.linkedin.com www.linkedin.com

We really need to stop with the "juice jacking" attack fearmongering.

1. It's not a realistic threat, it's a proof of concept that demonstrates a capability is a controlled environment.

2. The risk vs reward of installing random malicious USB chargers all over the world is basically insane.

3. USB data blockers only move the risk upstream. It would be far easier to sell malicious USB data blockers than to tamper with electrical outlets in places like airports.

4. There is nothing on your average person's phone which is worth the cost of stealing is via juice jacking.

5. All the FBI / FCC / Police warnings originate from the same proof of concept video, and even the creators of the attack state the chance of it happening in the real world is basically zero.

6. There are still zero reported cases of it happening anywhere.
Click to expand...
LinkedIn article? No thanks.
 
images
 
Most websites now days use SSL making the dangers of public wifi a bit overstated.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X