NYTimes warns of USB "juice jacking"


Today's NYTimes features an article titled "Stop! Don’t Charge Your Phone This Way."

It warns that hackers are setting up compromised USB "charging stations" in airports, hotels, etc. Similar to "card skimmers" on ATM machines.

First time I have ever heard of the potential for this attack method. Legitimate threat that people need to be aware of or more of a clickbait concern? What do you think?


 

I don't think it's just clickbait.

I own a few of these things:

amazon.com/PortaPow-3rd-Gen-Data-B...

They are data blockers; they only let through the charging signal. Very useful for when you have to plug into a random public USB port.

 

Until they start making fake, compromised versions of the device above! Scary thought

 

hahahaha then we descend into tinfoil hat territory :D

 

On Android devices, plugging in a USB cord that is also plugged into a computer provides options on what the USB should be used for:

Android USB Options Screenshot

It defaults to "No data transfer", so I'm not sure if this is a real issue unless the user changes that setting after connecting. I could be mistaken on this though.

 

I think a connection is a connection. It's not important which option you choose. So they can do anything if your device is connected to a computer. This is my idea 🙂

 

Never heard the term "juice-jacking" before today, but reports of the problem have been around for a while.

It used to be that phones would, by default, expose the filesystem to any USB connection. Newer Android devices require the user to actively choose to allow access.

My questions would be:

  • Is there still information exposed even if the user selects "power only"?
  • Are vulnerable devices still coming/popular? What are they?

Several folks have advocated carrying a power-only cable. That's a reasonable preventative, but it's not a cure-all (more a defense in depth). Many charging stations don't offer ports, just hardwired cables with the various connectors.

 

I've heard of this previously and yes, I would say, charge with care, be aware of your surroundings.

That said, I'm not too worried as I tend to have a power pack with me and will use the USB port to charge the power pack, instead of my phone.

EDIT: Having a charge-only / no-data cable may help to skirt any data hacking concerns.

 

Some other people mentioned using those cheap-o USB charging cables without data wires that come with some devices. This solution amuses me because it turns a penny-pinching defect into a “feature”.

 

That reminds me of a video by some YouTuber called N-O-D-E I saw two years ago. In this clip he shows how to build yourself an adaptor for charging your phone safely.

Picture of USB Keychain

 

Peter. This is very dangerous... Hackers can't access all this data it's gonna expose personal data..... Imagine if they had a DNS too such a bad hack..
Don't use ANY random USB!

Share this with EVERYONE on Dev!

 

This kind of hacking has been in the news quite some time ago.

 

I just use my power pack. It charges faster. I can sit where I want. And I know it is safe.

 
  1. Get a power-only cord. There are really cool 3-way cords like: amazon.com/dp/B07KZNSW4K

  2. Get a battery pack. These things are SO cheap and light these days. I love the Anker brand.

 

Peter Kim Frank
Working on a bit of everything at DEV. He/Him