Sophos expert Paul Ducklin has put various smartphones to the test and gives tips on security.

What is Juicejacking?

If you haven’t heard the cybersecurity buzzword “juicejacking,” don’t panic. attention in the early 2010s , but still plays a role in everyday smartphone life today - and has recently gained surprising new popularity due to current warnings, including from the FBI.

Let's start with a brief explanation of the term: People who travel, especially at airports where their phone charger is either stowed deep in their carry-on luggage or already in the hold of an airplane, are often plagued by charging anxiety. The specter of the empty battery, which has haunted us since the launch of mobile phones, still haunts the smartphone world today and, despite power banks etc., means that every opportunity to fill the battery is used, especially when traveling - for In the event that this will no longer be possible in the near future.

What happens behind your back when you juicejack?

And this is where the juicehacking criminals come into play. Smartphones are generally charged using USB cables, which are specifically designed to transfer both power and data. So what if there's a computer at the other end of the charging station that not only delivers 5 volts of DC power, but also tries to interact with your phone behind your back? The simple answer is that you can't be sure.

This is precisely why both Apple and Google have long introduced default settings that take the element of surprise out of the equation by initiating a security prompt asking whether the new source should be trusted when connecting to an unknown device. Apart from the fact that users can of course still be tricked or persuaded to trust a new device, theoretically no data can be accessed behind the back of the owner without the owner taking action themselves.

That's why recent warnings from the FBI and FCC that criminals are using public USB ports to introduce malware and surveillance software onto devices are somewhat surprising.

To avoid any misunderstandings: it is definitely advisable to use your own charger whenever possible and not to rely on unknown USB plugs or cables. Not least because no one can know how safe or reliable the voltage converter in the charging circuit is.

How secure is the data?

But what about the risk of personal data being secretly sucked up by a charger that's also acting as a host computer and trying to take control of the connected device without permission? Do the security improvements introduced with the Mactans juicejacking tool in 2011 still apply?

Sophos expert Paul Ducklin to the test and comes up with a conclusion based on connecting an iPhone (iOS 16) and a Google Pixel (Android 13) to a Mac (macOS 13 Ventura) and a Windows 11 laptop (2022H2 build). The result: Yes, the queries continue to serve their purpose. First, no phone would automatically connect to macOS or Windows the first time it was connected, regardless of whether it was locked or unlocked. In addition, approval pop-ups clearly indicate that a third-party device wants to access - which must be actively confirmed.

But since, as we all know, the devil is in the details, smartphone owners can play it safe despite these good security barriers.

You should pay attention to the following things:


  • If possible, avoid unfamiliar charging plugs or cables. Even a charging station set up in good faith may not have the desired electrical quality and voltage regulation. Also avoid cheap wall chargers or charging from your own laptop.
  • Lock or turn off your phone before connecting it to a public charger or someone else's computer. This minimizes the risk of accidentally exposing files to malicious activity. It also ensures that the device is locked if it is stolen from a multi-user charging station.
  • If you own an iPhone, you may consider not trusting all devices. This ensures you don't forget any previously trusted devices that you may have accidentally set up on a previous trip.
  • Consider purchasing a power-only USB cable or adapter jack. "Dataless" USB-A connectors are easy to identify because they only have two metal electrical connectors in their housing on the outer edges of the socket, rather than four connectors across the width. Note that the internal connections are not always immediately visible as they do not extend to the edge of the socket - so the power connections make contact first.

Source: Sophos

Already read? Be careful of competitions on Facebook where you can supposedly win tickets to zoos, animal parks or amusement parks! Mimikama warns: Zoo fake competitions are flooding Facebook


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )