HKCert
Security Blog

Beware of Juice Jacking when Charging Mobile Phones at Public Charging Stations

Release Date: 28 / 02 / 2020
Last Update: 28 / 02 / 2020

Many shopping malls, coffee shops and even public facilities nowadays are offering as part of enhanced customer services a complimentary charging station for their patrons to quickly recharge their mobile phones. However, users of such services may not realise that their phones could be subject to cyber attacks.

 

Known as “juice jacking”, hackers would load malwares on charging stations or cables they leave plugged in at the stations through special USB devices so they could infect the phones of unsuspecting users. Once a phone is plugged in one of the charging ports, the malware is automatically downloaded and installed on the device. The malware gives hackers the ability to access the phone remotely, gathering more data of its user such as personal information, GPS locations, social media interactions, photos, call logs and other ongoing processes.

 

Below are security tips from HKCERT for mobile phone users to avoid falling victim to juice jacking:

  1. Use power-only USB cable / USB data blocker dongle to avoid USB data connection;
  2. Use own USB charging AC adaptor for charging at electrical outlets;
  3. Do not grant trust if the portable devices prompt for allowing USB data connection;
  4. Install security software and update latest virus definition to minimise the risk of malware infection;
  5. Keep your portable devices up-to-date with latest software patches;
  6. Use own mobile battery (a.k.a. power bank) or power bank rental service whenever possible.