Juice Jacking

Draft of Sunday, November 17, 2019

by Rich Pasco

I have been asked to comment on a recent flood of warnings about “Juice Jacking,” defined as tainted USB power outlets designed to steal data from, or install malware onto, any device plugged into them. People are terrified to plug their phones, tablets, and laptops into the USB power outlets now almost as ubiquitous as AC power outlets in airports, cafes, and other public places.

In my opinion, these warnings are mostly sensational fear-mongering on the part of news publishers and purveyors of identify-protection services. This is another one of those things where a warning message “goes viral” and the number of instances of the warning messages vastly outnumber the instances of the thing being warned about (see my article E-mail viruses). It can happen, but...

  1. To be vulnerable, your device would have to be configured to grant control to any device plugged into its USB port, a setting which I don't recommend. Check your device's documentation.
  2. Public USB power ports (maintained by appropriate authorities) offer pure DC, no data whatsoever. For them to be malicious, a hacker would have to surreptitiously rewire them. This is easier to imagine than to actually do.
  3. For complete protection, don't use a full USB data cable; use one with just the DC power wires and not the data wires. Such cables are often shipped with external batteries, or can be purchased separately as “Data Blocker” cables. See Products below.

So here's how you can help: If you are aware of a documented incident where an individual's privacy was actually compromised by a juice-jacking attack, please contact me giving me the location of the tainted USB port, the name of the victim, and a link to a report documenting additional details. I am not interested in more warnings of what could happen, just reports of what did happen.

For more information

Articles

Products

Index to all of Rich Pasco's articles on e-mail and viruses

Rich Pasco's home page

Copyright © 2001-2017 Richard C. Pasco. All rights reserved.