While it sounds like some new sports drink craze, Juice Jacking is actually a way to steal information straight from your cell phone or mobile device while the device is still in your possession. It’s shockingly easy to pull off.
Picture this: you’re at an airport or train station, and your ride has just been delayed, by 6 hours. You glance at your phone and see the dreaded red line indicating your battery is about drained. But never fear! You have your USB cord and you saw a public charging station while walking down the terminal.
Thinking your luck is looking up, you grab a coffee and plug into the handy-dandy free power charging station. What seems like great luck could actually lead to criminals gaining all of your passwords, credit card numbers, mobile wallet details, photos and other personal info stored on your device.
How does that happen?
This fraud starts with criminals tampering with these unsecured charging stations to install a small computer so that when you charge your device using a USB, it syncs with your device and siphons off all your info. This can happen quickly; in less time than it will take you to finish your coffee and your device to charge.
This is not just occurring in airports and train stations either. Reports have found this happening at free charging stations nationwide, especially in airports, malls and bus terminals.
Mobile device security
1. If possible, use your charging cord plugged into a wall outlet instead of free charging stations.
2. Reality says we don’t always have our charger handy, and wall outlets (especially in malls and airports) are few and far between, so consider carrying a backup battery or personal quick-charger. I picked up a cool personal phone charger at a conference (vendor giveaway) that I can recharge to use over and over again. It's also nice and compact, fitting in the palm of my hand. I just leave it in my backpack so I always have it with me while traveling.
For frequent travelers, you may want to invest in charging accessories, like bags you charge that in turn charge your phone every time you slip the phone in the bag, or another type of higher powered personal mobile device charger.
3. If carrying your own backup is a challenge or you want a less expensive alternative, you might want to invest in an inexpensive power-only USB cord to use with public charging stations. These cords are missing the wires necessary for data transmission so they literally can only charge the device (not download anything or transmit data). I found several on Amazon ranging from $5 - $10. Wherever you shop for these, look for USB cords that state “does not support data transfer” or “charging USB with data block.”
4. Some phones can’t pair or sync while your phone is locked, but that’s not true with all operating systems. I personally recommend locating your pairing / syncing function, most frequently found in the Tools or Settings folder, and disable pairing / syncing without permission. What that means is your phone would alert you and require you to authorize pairing / syncing vs. just doing it automatically. Most phones out-of-box allow pairing and syncing; you have to change this setting yourself.
About the Author
Rayleen is the founder and owner of RP Payments Risk Consulting Services, LLC. based in Missouri. She is a nationally recognized payments risk and fraud expert who offers specialized consulting services, procedural and risk management reviews, and payments education. Rayleen’s specialized skill is delving into the world beyond the payment rules; areas where organizations often find themselves in positions of liability or loss with little to no clear guidance. She is an Accredited ACH Professional (AAP) who has worked with all payment systems for nearly 20 years. Rayleen also holds a Bachelor’s of Science in Criminal Justice Administration.