Skip to content

What is Juice Jacking and How to Avoid it

Every day, thousands of busy travelers, commuters and just people out running errands use public charging stations to power up their phones, laptops and more. These kiosks seem convenient—and they are! But many are a front for a sinister scheme to steal your data and leave malware on your devices. 

Just as advancing technology has brought about the need for public USB stations, hackers have developed a means to hijack these stations. This crime, referred to as juice jacking, will likely become more and more common. 

Consider this, everything you store on your phone from your photos to your login credentials to Gmail and Amazon and even your digital wallet—everything is up from grabs if you plug into an infected USB port. 

You can think of juice jacking almost as you would an ATM skimmer. The device looks safe enough and works for your intended purpose; however, behind the scenes, everything you just physically connected to the hacked equipment is now compromised. 

All of a sudden, you’re missing data (and quite possibly cash), your phone has a virus, and you’re wishing you would’ve just bought that portable battery you had your eye on. But hope is not lost. The best defense against juice jacking is to learn how hacking a charging station works. When you’re aware of the risks, you can prepare for the worst.

What is juice jacking, anyway?

This term may sound like the latest trend in fitness drinks, but the reality is much worse. Juice jacking is when a USB outlet or charging cord already connected to an outlet has been altered to not only provide power, but also to collect information. We’re talking about a hacked charging station.

To do this, hackers install fully automated malware onto digital charging stations. This way, they don’t need to be nearby, or even in the vicinity, to collect information and infect connected devices. This malware usually includes crawlers, literally designed to pour over the minutiae of your data to find the most valuable components, which are typically financial.

Hacking a charging station is pretty easy for a seasoned hacker, and this rogue software can be installed on any public charging station. Once installed, a juice jacked charging station has the ability to collect any and all information from your smartphone, tablet, laptop or another connected device. Fortunately, many devices, by default, only allow power exchange when charging via USB. But not always.

What are the risks?

The two biggest concerns when thinking about public USB stations and juice jacking are data theft and malware.

–Data theft

From a security perspective, this is huge. If your device is compromised by juice jacking, everything you do on your device can become public information.

This includes, but isn’t limited to, login credentials for eCommerce, shopping and other transactional websites, access to personal emails, documents and photos, and the ability to use your digital wallet. And, perhaps the worst outcome of all, access to your personal banking information.

Nearly half of all Americans use online banking and about 25 percent do their digital banking on their mobile device. If you’re one of them, using a hacked charging station is a huge risk.

–Malware

Malware is another risk of juice jacking. When you connect to a hacked charging station, you’re introducing a whole host of rogue software with the ability to annihilate your device.

With malware, hackers are usually playing the long game. They want to use the malware to get a sense of who you are, what you spend money on and how you interact in the digital world before they strike. This way, their fraud is much more difficult to identify. The period of stalking can go on for weeks or even months before you realize your digital identity has been compromised.

Malware comes in many forms and doesn’t always aim to compromise the identities or finances of its victims. Malware could use cryptominers to search through a phone’s CPU/GPU for cryptocurrency and drain its battery. You could also have ransomware encrypting files and/or devices for ransom.

Spyware is another type of malware used for long-term monitoring. And of course, there are the dreaded Trojans with the ability to look into the depths of your device and trigger all kinds of chaos when least expected.

The bottom line, malware is out there and often goes unnoticed until the result is data or functionality loss for your device. Because this type of attack is so hard to track, prevention is all the more important to ensure you won’t fall victim to malware from a hacked charging station.

Can you prevent juice jacking?

Preventing juice jacking is simple, all you have to do is not use public charging stations. But sometimes, avoiding digital charging stations is easier said than done. If you find yourself in a situation where you’ve got to get charged up, here’s what you can do.

First, consider keeping an external battery or power bank handy. These are especially helpful when traveling. Some find carrying around such devices annoying or may not want to pay $20 (or so) for a secondary power source. But the inconveniences pale in comparison to the headache of data theft or malware attack.

Depending on where you are, you may be able to find an unused outlet not associated with a public charging station. Of course, there’s a risk of juice jacking when using any power source you aren’t familiar with, but the risks of using random AC outlets are far less than using a public USB station.

If a public charging station is the only option, and you’ve got to get powered up, there is something to keep your data and your device safe. There are adapters available to block data transfer during a charge.

Aptly called “USB condoms,” these devices simply attach to your existing power cord and prevent information from flowing back to the charging station. So even if you’re using a hacked charging station, you can’t get juice jacked.

What to do if you’re juice jacked

Fortunately, many mobile phone developers are on the case and developing consumer protections. You may have already experienced this on your Apple and Android devices. When you connect your device to a new computer, you should receive an alert asking if you trust the computer. If you get this alert when you’re simply trying to connect to a public charging station, there’s definitely something wrong! Unplug your device, and let someone, who can fix the problem, know.

But just because there may be a layer of protection built into your device, it isn’t an excuse to be less vigilant. Juice jacking can happen when plugged into any public power source, and your phone might not always prompt you to ensure the connection is safe. Despite your best efforts to protect your device, things happen, and juice jacking can be a real threat to your data. 

If one of your devices has fallen victim to a hacked charging station, don’t delay. Contact a data recovery specialist to save your information today!

Mike Cobb, Director of Engineering and CISO
As Director of Engineering, Mike Cobb manages the day-to-day operations of the Engineering Department, including the physical and logical recoveries of rotational media, SSDs, smart devices and flash media. He also oversees the R&D efforts for past, present, and future storage technologies. Mike encourages growth and ensures that each of the departments and their engineers continues to gain knowledge in their field. Each DriveSavers engineer has been trained to ensure the successful and complete recovery of data is their top priority.

As Chief Information Security Officer (CISO), Mike oversees cybersecurity at DriveSavers, including maintaining and updating security certifications such as SOC 2 Type II compliance, coordinating company security policy, and employee cybersecurity education.

Mike joined DriveSavers in 1994 and has a B.S. degree in Computer Science from the University of California, Riverside.

Back To Top
Search