Those creepy juice jacking warnings at airports and hotels? It's nonsense
Those creepy juice jacking warnings at airports and hotels? It's nonsense
Enlarge
Aurich Lawson | Getty Images
Federal authorities, tech experts, and the media want you to be on the lookout for a creepy cyberattack that can hack into your phone when you do nothing more than plug it into a charging station. public charging. These “juice jacking” warnings, as the threat is now known, have been circulating for over a decade.
However, earlier this month, juice jacking fears reached a new height when the FBI and the Federal Communications Commission issued new baseless warnings that generated disturbing reports from hundreds of media. NPR reported that the crime is "becoming more prevalent, perhaps due to increased travel." The Washington Post said it was a "significant privacy risk" that can identify web pages loaded in less than 10 seconds. CNN warned that by simply connecting to a malicious loader, "your device is now infected". And a Fortune headline warned readers: "Don't let free USB charging drain your bank account."
Halley's comet of cybersecurity is scary
The juice jacking scenario looks like this: a hacker installs equipment in an airport, shopping mall, or hotel. The equipment mimics the look and functions of normal charging stations, which allow people to charge their mobile phones when they run out of power. Unbeknownst to users, the charging station surreptitiously sends commands through the charging cord's USB or Lightning connector and steals contacts and emails, installs malware, and does all sorts of other nefarious things. /p>
"Malware installed through a corrupted USB port can lock down a device or export personal data and passwords directly to the author," the FCC warned earlier this month. "Criminals can then use this information to gain access to online accounts or sell them to other malicious actors. In some cases, criminals may have intentionally left cables plugged into charging stations. There have even been reports of infected cables distributed as giveaways."
A few days earlier, the FBI's Denver field office issued its own juice jacking alert, writing, among other things, "Malicious actors have found ways to use public USB ports to introduce malware and software monitoring on devices". Not to be outdone, Michigan Attorney General Dana Nessel said juice jacking "is yet another nefarious way bad actors discover that allows them to steal and profit from what doesn't belong to them. ".
Unlike government communications, the vast majority of cybersecurity experts not warn that juice jacking is a threat unless you are the target of nation-state hackers. There are no documented cases of juice jacking ever in the wild. The warnings do not mention that modern iPhones and Android devices require users to click an explicit warning before they can exchange files with a device connected by standard cables.
The initial warning seen when plugging in an iPhone.
The next screen, which requires a password.
Federal authorities, tech experts, and the media want you to be on the lookout for a creepy cyberattack that can hack into your phone when you do nothing more than plug it into a charging station. public charging. These “juice jacking” warnings, as the threat is now known, have been circulating for over a decade.
However, earlier this month, juice jacking fears reached a new height when the FBI and the Federal Communications Commission issued new baseless warnings that generated disturbing reports from hundreds of media. NPR reported that the crime is "becoming more prevalent, perhaps due to increased travel." The Washington Post said it was a "significant privacy risk" that can identify web pages loaded in less than 10 seconds. CNN warned that by simply connecting to a malicious loader, "your device is now infected". And a Fortune headline warned readers: "Don't let free USB charging drain your bank account."
Halley's comet of cybersecurity is scary
The juice jacking scenario looks like this: a hacker installs equipment in an airport, shopping mall, or hotel. The equipment mimics the look and functions of normal charging stations, which allow people to charge their mobile phones when they run out of power. Unbeknownst to users, the charging station surreptitiously sends commands through the charging cord's USB or Lightning connector and steals contacts and emails, installs malware, and does all sorts of other nefarious things. /p>
"Malware installed through a corrupted USB port can lock down a device or export personal data and passwords directly to the author," the FCC warned earlier this month. "Criminals can then use this information to gain access to online accounts or sell them to other malicious actors. In some cases, criminals may have intentionally left cables plugged into charging stations. There have even been reports of infected cables distributed as giveaways."
A few days earlier, the FBI's Denver field office issued its own juice jacking alert, writing, among other things, "Malicious actors have found ways to use public USB ports to introduce malware and software monitoring on devices". Not to be outdone, Michigan Attorney General Dana Nessel said juice jacking "is yet another nefarious way bad actors discover that allows them to steal and profit from what doesn't belong to them. ".
Unlike government communications, the vast majority of cybersecurity experts not warn that juice jacking is a threat unless you are the target of nation-state hackers. There are no documented cases of juice jacking ever in the wild. The warnings do not mention that modern iPhones and Android devices require users to click an explicit warning before they can exchange files with a device connected by standard cables.
The initial warning seen when plugging in an iPhone.
The next screen, which requires a password.
Enlarge
Aurich Lawson | Getty Images
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
