Meeting Mentor Magazine

November 2024

Easy Ways to Avoid Juice Jacking

No, “juice jacking” isn’t when someone not associated with your meeting raids your breakfast buffet. It’s yet another way that unscrupulous hackers can get into — and steal information from — a cellphone being charged at public USB charging stations, including those at airports and hotels. Yes, even the sponsored USB charging station at your show could potentially be compromised, as it doesn’t take long for a hacker to turn a great convenience into a potential liability.

“Juice jacking is basically a portable charger or a charger out there in the public that’s been designed to look real,” Jim Stickley, a cybersecurity expert, told NPR. “It will actually charge your phone, but it’s also either installing malware on your phone or stealing data off of your phone or other mobile device.” That’s because the USB port is doing more than channeling electricity to your device. It also is a conduit for data, including passwords, credit card details, and names and addresses, that once swiped can be used to steal your money, your identity, and more.

This isn’t a new problem, even if you’re just now hearing about it. Brian Krebs coined the term “juice jacking” in 2011 after he wrote a blog post about the DEFCON hacker convention in Las Vegas, where researchers set up a mobile charging station showed how it could happen, even to members of that very security-savvy audience. Luckily, that was just a demonstration, and instead of malware and worse, users got this message: “You should not trust public kiosks with your smartphone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route, and your data is safe. Enjoy the free charge!”

But if you haven’t heard about it previously, you likely will now that the problem is getting a lot of attention. Cybersecurity company NordVPN, which provides secure private virtual networks (VPNs), found last year that one in four travelers have been jacked or otherwise hacked while traveling internationally, most often at airports or other transportation hubs.

More recently, the Federal Bureau of Investigation’s Denver office on April 6 tweeted a warning to travelers to beware of the juice-jacking risks of public USB charging stations. “Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead.”

Five days later, the Federal Communications Commission (FCC) tweeted, “Think twice before using public charging stations. Hackers could be waiting to gain access to your personal information by installing malware and monitoring software to your devices. This scam is referred to as juice jacking.” Now the word is out, with even late-night TV talk shows getting on the juice-jacking-warning bandwagon.

So how would you know if you’ve been juice jacked? You may see some unauthorized purchases or calls you didn’t make start to show up, or your phone may suddenly bog down or heat up. But you may not see anything suspicious at all — until you get a call from your bank or credit card provider about some unusual activity.

Fortunately, this is one of the easier scams to avoid. You can eliminate the risk altogether by bringing your own power bank (pre-charged before you leave home). You also can bring your own charger and power cord and plug directly into the wall, since only the USB ports are, at least for now, where the bad guys can jack your juice. Another way to keep your devices safe is to use a USB data blocker such as Juice Jack Defender. This little device that you plug into your phone’s charging port will filter out malware or identity theft attempts.

If you absolutely have to use a public USB port and don’t have a power bank, power cord and plug, or USB data blocker, another possible way to defeat the hackers is to choose the “charge only” option when plugging into a potentially sketchy public USB port and just say no to the “share data” and “trust this computer” options, according to the FCC.

The FCC also has other tips on mobile phone and online security in its consumer guide, Wireless Connections and Bluetooth Security Tips.

Free Subscription to
MeetingMentor Online











Continue

About ConferenceDirect
ConferenceDirect is a global meetings solutions company offering site selection/contract negotiation, conference management, housing & registration services, mobile app technology and strategic meetings management solutions. It provides expertise to 4,400+ associations, corporations, and sporting authorities through our 400+ global associates. www.conferencedirect.com

About MeetingMentor
MeetingMentor, is a business journal for senior meeting planners that is distributed in print and digital editions to the clients, prospects, and associates of ConferenceDirect, which handles over 13,000 worldwide meetings, conventions, and incentives annually. www.meetingmentormag.com

Design by: Loewy Design