Juice jacking occurs when a USB charging port is infected by a security exploit that compromises devices that are connected to it. It is not something most people would think of when they imagine a cyberattack. So, if you are hearing about this term for the first time, you are certainly not alone.
To be fair, juice jacking is a relatively rare kind of attack. But when it does occur, bad actors can extract sizable quantities of sensitive information.
Juice jacking rides on the ability of USB cables to charge devices and transmit data at the same time. It could occur anywhere but is more likely to take place in public spaces such as shopping malls, airports, hotels, and restaurants where there are free charging ports. In these places, the ports seem a convenient way for your employee to charge their mobile phone before they get back home or to the office. By using them, employees may inadvertently share confidential company data with cyber criminals.
It doesn’t have to be that way. Here’s how you can prevent it.
- Risk Awareness
Knowledge of the risk is by far the most powerful weapon against juice jacking. Your average employee is unlikely to intentionally disclose sensitive company information. So, juice jacking success depends on the target’s lack of knowledge. If your staff understand the data disclosure and malware infection threats lurking when they plug their gadgets into public charging stations, they are less likely to do it.
Incorporate juice jacking awareness in your overarching IT security training. All staff should be sensitized to this risk, but you should prioritize training for those who are in roles that regularly demand travel or telecommuting.
These include senior executives, IT employees and sales and marketing staff. Notably, remote work is set to be a permanent fixture for many employees post-pandemic. About 60 percent of US organizations that expanded remote work options for employees are keen to leave it that way.
- Share Tips on Extending Battery Life
The next best protection is avoiding charging devices in public places altogether. No charging, no juice jacking. To make this doable, you need to give employees suggestions on extending battery life. For instance, nearly all smartphones now have a battery-saving feature. When they enable this power saving mode, the phone shuts down apps running in the background, leaving only the most essential. It may dim the display as well.
They can go further and switch off mobile data and/or turn on airplane mode. Where the phone has very little charge left, they could switch it off altogether, so they have some power for the times they really need it.
- Provide Chargers and Power Banks
With USB charging ports, all you need is a cable that you plug into the port then connect to your phone. Since it is these kinds of ports that are vulnerable to juice jacking compromise, employees should instead use AC sockets when on the road. They need to have chargers to do that. Ergo, provide your traveling and telecommuting employees with chargers and power banks.
Chargers should not be difficult to provide for a company-issued phone as these already come as part of the package on purchase. If your employees are using personal phones, however, you cannot rely on their personal chargers. You may have to procure company chargers for them. Power banks you will have to buy. There is a cost to buying chargers and power banks and then replacing them every so often. But the cost is worthwhile given the risks of leaving employees to their own devices, quite literally.
- Provide USB ‘Condoms’
A USB connection has four or five pins. Two of these are used for data transfer while one carries the electricity. You can block off the data transfer pins by using a USB ‘condom’. Also known as a USB data blocker, this is a pass-through adaptor that blocks all pins except the charging one.
Armed with this, even if your employee plugs their mobile phone into a compromised charging port, no data transfer or infection can occur.
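One way to confirm that a data blocker really blocks the data pins, shown as an added example that is not part of the original article: on a Linux laptop, snapshot the USB devices the host has enumerated, plug the phone in through the blocker, and snapshot again. If a new device appears, the data pins are still connected. The function names and the sample device entries are constructed for illustration.

```python
import os
import tempfile

SYSFS_USB = "/sys/bus/usb/devices"  # standard Linux sysfs location


def _read(base, name):
    try:
        with open(os.path.join(base, name)) as fh:
            return fh.read().strip()
    except OSError:
        return ""


def snapshot(root=SYSFS_USB):
    """Map bus path -> (idVendor, idProduct, product) for every enumerated device."""
    devices = {}
    for entry in sorted(os.listdir(root)):
        base = os.path.join(root, entry)
        # Interface nodes such as "1-2:1.0" carry no idVendor file; skip them.
        if os.path.isfile(os.path.join(base, "idVendor")):
            devices[entry] = tuple(_read(base, n) for n in ("idVendor", "idProduct", "product"))
    return devices


def check_blocker(before, after):
    """Return (passed, new_devices). Any newly enumerated device means data pins are live."""
    new = {path: dev for path, dev in after.items() if path not in before}
    return (not new, new)


def fake_sysfs(devices):
    """Build a constructed sysfs-like tree so the logic can be exercised offline."""
    root = tempfile.mkdtemp()
    for path, (vid, pid, product) in devices.items():
        os.makedirs(os.path.join(root, path))
        for name, value in (("idVendor", vid), ("idProduct", pid), ("product", product)):
            with open(os.path.join(root, path, name), "w") as fh:
                fh.write(value + "\n")
    os.makedirs(os.path.join(root, "1-2:1.0"))  # interface node, must be ignored
    return root


if __name__ == "__main__":
    hub = {"usb1": ("1d6b", "0002", "xHCI Host Controller")}  # constructed sample
    phone = {"1-2": ("0000", "0000", "Example Phone")}        # constructed placeholder IDs
    before = snapshot(fake_sysfs(hub))
    print("working blocker:", check_blocker(before, snapshot(fake_sysfs(hub))))
    print("faulty blocker: ", check_blocker(before, snapshot(fake_sysfs({**hub, **phone}))))
```

On a real machine, call `snapshot()` with no argument before and after plugging the phone in; the phone should still show that it is charging while `check_blocker` reports no new device.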
- Disable Data Transfer
Your mobile phone will often ask you to confirm whether you want to enable data transfer when you plug it into a USB charging cable. This does not, however, happen on all phones, all the time. As a precaution, employees should make sure they have disabled the data transfer feature before they connect their device to a USB cable in a public space.
This is not a foolproof solution though. Sophisticated cybercriminals may find a way to circumvent or remotely enable this setting.
Juice jacking may be rare, but it can and does occur. Several factors make it hard to trace an attack back to juice jacking. First, employees who have a habit of using public charging stations will probably not know at which exact location the breach occurred. Second, when a company discovers it has been breached and its information disclosed, juice jacking is unlikely to rank high among the causes that should be investigated.
You are always better off taking measures to prevent your staff from falling victim.