niraj
Viewer

HOW TO PROTECT YOURSELF FROM JUICE JACKING

Juice jacking is a type of cyber attack involving a charging port that doubles as a data connection, typically over USB. This often involves either installing malware or surreptitiously copying sensitive data from a smart phone, tablet, or other computer device.

 

Read more >> https://internetofsecurity.org/cyber-quotient/how-to-protect-yourself-from-juice-jacking/

3 Replies
rslade
Influencer II

> niraj (Viewer) posted a new topic in Tech Talk on 06-30-2019 07:03 AM in the

> https://internetofsecurity.org/cyber-quotient/how-to-protect-yourself-from-juice-jacking/

Rather simplistic, innit? I mean, it doesn't even mention the many settings you
can make/change in order to turn off (or, at least, restrict) the various forms of
"autoplay" that USB attacks rely on.

Also, a note about power banks. I've been carrying them for a few years now. In
an emergency they can give you several hours (depending upon device) of use, but
I note that, somehow, the charging ability seems questionable. In a recent
situation, I managed to get up to 56% charge showing, by the time I got home and
turned my phone off. The next day, it was only showing 18% ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
On the plus side, it won't be long before there's a government
reward for killing him. - Dilbert, 20050828
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Frank_Mayer
Contributor I

Good point, but I would like to point out that while the mitigation strategies outlined in the article are of some value, professionals need to dig a bit deeper. Here is a relatively recent article on the topic that digs much deeper; refer to Spaniel, D., and Eftekhari, P. (2018, October). The USB Threat No One is Talking About. Retrieved from URL. https://icitech.org/wp-content/uploads/2018/10/ICIT-Brief-The-USB-Threat-No-One-is-Talking-About.pdf

The KEY mitigation needs to be manufacturers of smart phones doing a better job of engineering their product, and while some improvements have been made, much more needs to be done. Information Technology (IT) needs to be held to a much higher standard than it is now. IT manufacturers get away with quality defects that have become unacceptable in most other types of manufacturing.

This quote from the article cited above nails my point: "until the public exerts financial pressure on the insecure vendors, it is unlikely that USB suppliers will improve their practices." The entire IT community needs to stop muddling through the need to address the escalating threat and needs to get on with a cultural change of how the world views IT. This is part of our job as information systems security professionals.

There was a time we charged cell phones with plug-in adapters and connectors that could not transfer data because they were physically and logically designed only to provide power and were by core design unable to do anything else.

On the other hand, there are those who prefer the muddle-through approach, since the IT industry seems to prefer it and since the pain is not severe enough (that is, the realized impact) to warrant serious rethinking of what we are doing; refer to Schneier, B. (2015, March/April). The Security Value of Muddling Through. Retrieved from URL. https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7085965

Respectfully,

Francis (Frank) Mayer, CISSP EMERITUS
JoePete
Advocate I


@niraj wrote:

Juice jacking is a type of cyber attack involving a charging port that doubles as a data connection, typically over USB.


I think this is more a symptom of a larger problem than a problem unto itself. I've had a cellphone since the mid 1990s and have never been in a situation where I ran out of power or needed to use anything other than a plug socket in my home or workplace. I think the real issue is a matter of device addiction. Combine that with the fact that many of the people who need to charge up during the day do so because they are running with GPS, Bluetooth, WiFi, constantly on. In other words, their attack footprint likely is much wider than just a charging station.

Like a lot of security issues, the problem isn't technical. It's cultural. There is a segment of the population that needs to be constantly connected and constantly immersed in their digital world. That's why they are vulnerable.