I’ve always hated public mobile charging kiosks for their dirty and infectious exterior that have been touched by a thousand filthy hands. Turns out it can be harmful from the inside too. SBI recently tweeted a warning for its customers that was directed against public mobile charging stations available.
The government banking corporation warned everyone of ‘Juice Jacking’, a hacking maneuver that compromises personal data including banking details. A charging kiosk can potentially drain your bank account in minutes.
Here’s how it happens. When someone charges their phone through a computer’s USB port, an option always crops up on the phone where it asks the users if it wishes to exchange data with the device. In a Juice Jacking attack, this prompt is overridden and the smartphone is compromised.
There are two types of hacks possible through Juice Jacking – data theft and malware/backdoor installation. Data theft is self-explanatory. On contact, a USB device extracts encrypted data from different apps and browsers. They may include your bank account numbers, passwords, email IDs, and digital signatures.
Malware/backdoor installation gives malicious hackers dynamic access to your phone. It can be used to spy on your activities, which may be used to further other dangerous goals, including terrorism. The hackers are able to gather a variety of data in bulk, particularly the GPS locations the user has been to, online purchases, social media accounts, call logs, personal photos, and other sensitive information.
To avoid getting juice jacked, you need to ensure that the charging station is connected to an electrical socket, and not a different device. Better, you should use the USB charger adapter that came with your mobile. It’s also better to carry your own charging cable or a portable power bank. USB data blocker applications can be installed to prevent accidental data exchange as well.
Beware of connecting to public interfaces. Stay safe!