Connect the smartphone to a USB port in the bus or hotel? Better think again!
If you, like many other people at the moment, travel a lot with public
means of transport and on the way home want to charge the almost empty
smartphone conveniently on the way home, you've probably plugged it into a
times (almost) plugged it into a free USB port on the train or bus.
Can you imagine that your smartphone could be exposed to an attack just by plugging it in?
Could be exposed to an attack? No? Unfortunately, this is the case.
Juice Jacking
The attack method known as juice jacking refers to the targeted
infection of end devices (smartphones, etc.) with malware via publicly accessible
USB charging stations or cables connected to them. These can now be found in many
many public places, e.g. in public transport, hotels or even airplanes.
Technical basics
With USB, both power and data flow over one and the same cable.
Data can be transferred in both directions (to the USB port/cable and to the connected device).
If the end device is not protected, it can be infected with malware.
Attack scenarios
Juice jacking can be used, for example, to launch attacks in the form of data theft or the installation of keyloggers.
Smartphones are therefore an extremely attractive target. But other "intelligent" devices that are charged via USB are also conceivable targets are conceivable targets. Juice jacking is a possible infection vector for Advanced Persistent Threads.
Relevance
There are no proven cases, but as in (almost) all areas of computer crime, what is technically possible will be done. In the following article, the relevance of Juice Jacking and the importance of protective measures are discussed controversially.
How can you protect yourself from such an attack?
The most effective protection against juice jacking attacks is hardware-based data blockers
data blockers such as the Data Blocker USB A/C from Nitrokey
In contrast to software-based solutions, the hardware blocker offers 100 percent protection
against such attacks, independent of the connected end device.
Read more
An extremely comprehensive article by a group of researchers can be found at the following link
Add new comment