We’ve all felt it, especially while traveling. The cold panic upon the wretched realization that our smartphone’s battery indicator has turned red. How to send a text? Call a ride? Get from point A to point B? Suffer the crowds without Lizzo’s voice in our ears?
Enter the public charging station. A life raft in a crowded sea of humanity insensitive to our plight. We connect our phone to it. But little do we know, as the battery charges, this life-saving convenience has usurped our personal information, texts and passwords. We’ve become a victim of juice jacking.
What is juice jacking?
Juice jacking is a scam that could take advantage of people desperately looking for a way to charge their dying phone. Fraudsters set up a USB port or cable at mobile charging spots, enticing folks to use them. But those juicing sources deliver malware to the device, and scammers end up hijacking it—gaining access to personal information, private photos, emails, texts and various accounts, within seconds.
While there have been no confirmed reports of juice jacking, the concept of a malicious charging station was dreamt up by hackers years ago. They set one up at DEF CON in 2011 to see if people would be vulnerable to it. In fact, they were: Hundreds of people used it, clueless to the possibility of being hacked. Thankfully the hackers wanted only to make a public service announcement about the potential dangers of charging at public juicing stations and not interested in hijacking information from the phones at all.
Hackers have since found new ways to steal information via USB charging. In November 2019, just before the holiday rush, LA County District Attorney officials warned that, in fact, “malware can lock your phone or export data and passwords directly to the scammer.” The advisory—albeit theoretical—got picked up by news outlets nationwide.
As the website Snopes notes, while juice jacking is technically possible, the practice doesn’t appear to be widespread.
How juice jacking works
There are a few ways that researchers have found to make the scam work. Scammers could hide a computer in a kiosk to hijack your personal information when you charge up your phone, or they could inject malicious code via the connection. Whatever the case may be, experts say that within a minute, sensitive information—private photos, your address book, and so on—can be in the hands of a scammer.
More recently, hackers have found a way to imbed a malicious microchip inside the cable itself. In this way, unsavory types can treat themselves to a big helping of your information once you unlock your phone.
How can I protect myself from juice jacking?
You’re more likely to inadvertently download malware than be a victim of juice jacking. Echoing the findings of Snopes, “there’s no evidence that juice jacking is a real thing,” said Kevin Beaumont, a cybersecurity expert based in Manchester, England, and author of the DoublePulsar blog.
If you’re truly desperate, chances are, you’ll probably be okay using a public charging station. But as the Boy Scouts would say, it’s best not to find yourself in such a situation. “People should treat any USB port they come across as if it’s someone’s computer. Would you plug your phone into a stranger’s computer?” said Chris Parker, host of the Easy Prey Podcast. Stick to these guidelines try and avoid being tempted:
Juice up at home, the office, or in your car
This way, you’ll always be topped off when you need to use your device while unplugged.
Take your power cord with you
Charge your phone with the manufacturer’s power cord and use an electrical wall socket. This method prevents your phone from being compromised. Or take your own USB cable with you. “USB plugs are so small it’s just easier to always have your own USB plug and cable available,” said Parker.
Consider a portable battery
These on-the-go power sources are getting smaller and lighter. Charge it up before your trip and keep it handy for emergency situations.