We have heard of Hacking, but never of Jacking... So, what's up with Juice Jacking?
Here's the answer:
Regardless of the kind of modern smartphone you have–be it an Android device, iPhone, or BlackBerry–there is one common feature across all phones: the power supply and the data stream pass over the same cable. Whether you’re using the now standard USB miniB connection or Apple’s proprietary cables, it’s the same situation: the cable used to recharge the battery in your phone is the same cable you use to transfer and sync your data.
This setup, data/power on the same cable, offers an approach vector for a malicious user to gain access to your phone during the charging process; leveraging the USB data/power cable to illegitimately access the phone’s data and/or inject malicious code onto the device is known as Juice Jacking.
This sort of exploit is hardly a new blip on the security radar, however. Two years ago at the 2011 DEF CON security conference, researchers from Aires Security, Brian Markus, Joseph Mlodzianowski, and Robert Rowley, built a charging kiosk to specifically demonstrate the dangers of juice jacking and alert the public to just how vulnerable their phones were when connected to a kiosk–the image above was displayed to users after they jacked into the malicious kiosk. Even devices that had been instructed not to pair or share data were still frequently compromised via the Aires Security kiosk.
This mechanism, intended to make using your iOS device painless and enjoyable, can actually create a rather painful state: the kiosk you just recharged your iPhone with can, theoretically, maintain a Wi-Fi umbilical cord to your iOS device for continued access even after you’ve unplugged your phone and slumped into a nearby airport lounge chair to play a round (or forty) of Angry Birds.
Is it risky right now? Is it that alarming?
At present, not very. Currently, juice jacking is a largely theoretical threat, and the chances that the USB charging ports in the kiosk at your local airport are actually a secret front for a data siphoning and malware-injecting computer are very low. This doesn’t mean, however, that you should just shrug your shoulders and promptly forget about the very real security risk that plugging your smartphone or tablet into an unknown device poses.
But, you can save your phone from such issues.
Know How...!!!
Keep Your Devices Topped Off: The most obvious precaution is to keep your mobile device charged. Make it a habit to charge your phone at your home and office when you’re not actively using it or sitting at your desk doing work. The fewer times you find yourself staring at a red 3% battery bar when you’re traveling or away from home, the better.
Carry a Personal Charger: Chargers have become so small and lightweight that they scarcely weigh more than the actual USB cable they attach to. Throw a charger in your bag so you can charge your own phone and maintain control over the data port.
Carry a Backup Battery: Whether you opt to carry a full spare battery (for devices that allow you to physically swap the battery) or an external reserve battery, you can go longer without needing to tether your phone to a kiosk or wall outlet.
Lock Your Phone: When your phone is locked, truly locked and inaccessible without the input of a PIN or equivalent passcode, your phone should not pair with the device it is connected to. iOS devices will only pair when unlocked–but again, as we highlighted earlier, pairing takes place within seconds so you had better make sure the phone really is locked.
Power the Phone Down: This technique only works on a phone model by phone model basis as some phones will, despite being powered down, still power on the entire USB circuit and allow access to the flash storage in the device.
Disable Pairing (Jailbroken iOS Devices Only): Jonathan Zdziarski, a security researcher, released a small application for jailbroken iOS devices that allows the end user to control the pairing behavior of the device. You can find his application, Pair-lock, here @:
Ultimately, the best defense against a compromised mobile device is awareness. Keep your device charged, enable the security features provided by the operating system (knowing that they aren’t foolproof and every security system can be exploited), and most importantly avoid plugging your phone into unknown charging stations and computers the same way you wisely avoid opening attachments from unknown senders.
Techies say technology can save your privacy but it's time to save your privacy yourself!!!