Juice jacking is a type of cyber attack involving a charging port that doubles as a data connection, typically over USB. This often involves either installing malware or surreptitiously copying sensitive data from a smart phone, tablet, or other computer device.
Read more >> https://internetofsecurity.org/cyber-quotient/how-to-protect-yourself-from-juice-jacking/
Good point but I would like to point out that while the mitigation strategies outlined in the article are of some value, professionals need to dig a bit deeper. Here is a relatively recent article on the topic that digs much deeper, refer to Spaniel, D, and Eftekhari, P., (2018, October).The USB Threat No One is Talking About. Retrieved from URL. https://icitech.org/wp-content/uploads/2018/10/ICIT-Brief-The-USB-Threat-No-One-is-Talking-About.pdf
The KEY mitigation needs to be manufacturers of smart phones doing a better job of engineering their product and while some improvements have been made, much more needs to be done. Information Technology (IT) needs to be held to a much higher standard than it is now. IT manufactures get away with quality defects that have become unacceptable in most other types of manufacturing.
This quote from the article cited above nails my point "until the public exerts financial pressure on the insecure vendors, it is unlikely that USB suppliers will improve their practices." The entire IT community needs to stop muddling through the need to address the escalating threat and needs to get on with a cultural change of how the world views IT. This is part of our job as information systems security professionals.
There was a time we charged cell phones with plug in adapters and connectors that could not transfer data because they were physically and logically designed only to provide power and were by core design unable to do anything else.
On the other hand, there are those who prefer the muddle through approach since the IT Industry seems to prefer it and since the pain is not severe enough (that is the realized impact) to warrant serious rethinking of what we are doing refer to Schneier, B. (2015, March/April). The Security Value of Muddling Through. Retrieved from URL. https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7085965
@niraj wrote:Juice jacking is a type of cyber attack involving a charging port that doubles as a data connection, typically over USB.
I think this is more a symptom of a larger problem than a problem unto itself. I've had a cellphone since the mid 1990s and have never been in a situation where I ran out of power or needed to use anything other than a plug socket in my home or workplace. I think the real issue is a matter of device addiction. Combine that with the fact that many of the people who need to charge up during the day do so because they are running with GPS, bluetooth, WiFi, constantly on. In other words, their attack footprint likely is much wider than just a charging station.
Like a lot of security issues, the problem isn't technical. It's cultural. There is a segment of the population that needs to be constantly connected and constantly immersed in their digital world. That's why they are vulnerable.