Home > Tech Explained

Avoiding “Juice Jacking” Attacks on Your Phone

By Simon Batt
Avoiding “Juice Jacking” Attacks on Your Phone Featured Image

Being caught out in public with a dead phone battery can be a hassle. Thankfully, some public places (such as airports) have set up charging stations which allow you to give juice to your dying device. Just plug in your charger cable, attach your phone, and you’ll be charging in no time. Convenient, right?

Unfortunately, while convenient for you, it’s also convenient for people with malicious intentions! These charging stations can be compromised in a way that accesses your phone without your permission. From here, it can either transfer malware onto the phone or steal data from it. This is the case of “juice jacking,” and it’s a problem that will keep you from always trusting public charging stations when you see them.

How Does It Work?

juice-jacking-charger

If you’ve ever plugged your phone into a computer using a USB cable, you’ll notice it does two things. First, it’ll charge the battery as if you plugged it into a power outlet. Second, you’ll notice that the phone can share files and folders with the computer. The USB cable, in this scenario, works in two ways, both as a charger and a way to transfer data. This is what makes USB cables particularly attractive, as it can do two jobs at the same time.

When you’re using a legitimate charging station via USB, you’re only using the first feature of USB cables – the charging. However, someone with malicious intent can make additions to the charging station in a way that uses the second feature – the data transfer. They use this untapped potential to either put malicious code onto your phone or drag data off of it. People plug in their phones thinking they’ll only get a battery charge when in reality they’re receiving far worse!

Dodging a Juice Jacking Attack

So now you know what juice jacking is and where it can lurk. Now for the important bit: how do you stop a juice jacking attack from hitting your phone?

Don’t Use Public Chargers

As with most malicious attacks, the absolute best protection you can use is a sense of caution. Never use a charging station that requires a USB connection to charge. If you want to charge your phone on the go, simply use an AC adapter and plug it into a power socket when you find one. Juice jacking can’t work through a power socket, so you’ll have nothing to fear!

If you end up using a public charging station via USB and the phone asks if you want to mount the drive, never do so! Doing so will open up your device for data transfers by the station. Make sure your device doesn’t automatically mount itself when plugged in via USB, either.

juice-jacking-cable

Charge-Only USB Cables

If you really have to use a USB charging station while on the fly, you can use a USB charge-only cable instead. These cables cut out the USB’s ability to transfer data over USB, so any malicious code within charging stations can’t get at your phone. You’ll receive all the benefits of a public charger without any of the risks that are involved alongside it. A good example of a charge-only cable is the PortaPow.

juice-jacking-adapter

USB Converter

You can also get small devices that convert regular USB cables into charge-only ones which have the crude nickname of “USB condom.” The idea is that you plug this into the port, then plug your USB cable into the device itself. The device prevents data from being transferred, so you can charge your phone without having to worry. A good example of such a device is the SyncStop. There’s even a guide on how to make your own!

Personal Chargers

If you want to take matters into your own hands, you can carry around a personal charger or portable battery. When you’re running out of charge, simply plug your phone into one of these and you’ll be back in action in no time. It also comes with the added benefit of not having to frantically hunt for a power point as your phone slowly dies on you!

Juiced Up

With the convenience of being able to use charging stations, there also comes the convenience of manipulating it to steal data or transfer malware to connected devices. Stay away from public charging stations, use a power outlet, get a USB charge-only cable or device, or simply carry around your own charging methods to stop yourself from becoming a target.

Did you trust public charging stations in the past? If so, do you now? Let us know below in the comments.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Simon Batt Avatar
Simon Batt
Simon Batt is a Computer Science graduate with a passion for cybersecurity.

Read next

When Sony shipped the first Walkman in 1979, chairman Akio Morita insisted on a second headphone jack and a “hotline” talk button, convinced it would be rude for one person to listen to music alone — and within a few years buyers had ignored the sociable features so completely that Sony quietly dropped them
Russia still custom-builds the Soyuz return seats for ISS crew members using plaster casts taken weeks before launch, because astronauts grow as much as five centimetres taller during a long-duration stay and a seat moulded to their Earth-shaped spine would no longer fit the body that comes home
Close-up of a young adult using a smartphone outdoors, highlighting modern technology and connectivity.
The “CrackBerry” nickname stuck for a reason — and the variable-reward psychology that hooked early-2000s executives on their BlackBerrys is the exact same machinery now running every push notification on every smartphone in your pocket
In 1843, Ada Lovelace described a brass-and-punched-card engine that could act on symbols as well as numbers, even composing music if harmony could be reduced to rules, inside seven translator’s notes three times longer than the paper itself
Bright modern laboratory with computers and technical equipment for research and analysis.
ARPANET sent its first message on 29 October 1969 from a lab at UCLA to a machine at Stanford, and the message was supposed to read ‘LOGIN’ — but the system crashed after the L and the O, meaning the first word ever transmitted over the network that became the internet was, by accident, ‘LO’.
In 1995, Microsoft shipped a cartoon-house interface called Bob, led by Melinda French, who married Bill Gates while it was in development — it demanded twice the memory of a typical home PC, sold roughly 30,000 copies, and was dead within a year, leaving behind the font Comic Sans and the animated assistant that became Clippy.
Stunning underwater shot of tiger sharks swimming among fish in the ocean depths.
The Greenland shark grows about one centimetre a year, does not reach sexual maturity until around age 150, and a specimen carbon-dated by Danish researchers in 2016 was estimated to be at least 272 years old, meaning it was already swimming the North Atlantic when Mozart was composing symphonies.
A person using a smartphone with a green screen surrounded by fresh fruits and vegetables in the kitchen.
When Apple shipped iOS 12 in June 2018, a small feature called Screen Time slipped onto every iPhone with a counter nobody had quite prepared for — a tally of pickups — and within a day Tim Cook was telling CNN the number of times he picked up his own phone was simply too many