Skip to main content

Beware of Juice Jacking

USB Security; locked and secured green USB device
Michigan Attorney General Logo

Beware of Juice Jacking

Juice Jacking is a type of cyberattack where data is stolen from a smartphone, tablet, or another electronic device while being charged at a public charging kiosk. This happens when hackers install and hide a skimming device inside the USB ports of the kiosk. 

When phones are plugged in to charge, the skimming device transfers data to or from the phone. It can install malware, lock the phone, or steal personal data. It provides access to sensitive information such as passwords and other credentials, credit card and bank account numbers, and even contacts. 

Criminals will also intentionally leave charging cables at the kiosk or pass them out as a promotional gift. These cables may also be infected with malware that will download to the device when connected. 

There are two ways juice jacking works. 

  • Data theft: During the charge, data is stolen from the connected device. Within seconds, cybercriminals can steal data from connected mobile devices through a hidden skimming unit placed inside the USB port.
  • Malware installation: As soon as the connection is established, malware is dropped on the connected device. The malware remains on the device until it is detected and removed by the user. Some malware leaves no trace and is hard to detect. 

Public charging kiosks are inexpensive to use and offer a convenient and efficient way to charge multiple devices at once. They can be a lifesaver for traveling and business. However, charging kiosks do attract cyber criminals.

If you need to use a charging kiosk, be wise and stay safe. 

  • Stay away from public charging kiosks or portable wall chargers if you can. If you must charge your phone at a public venue, use the charging cord and adaptor that came with your phone and plug into an AC socket or wall outlet.
  • If you do plug your device into a USB port at a kiosk and a prompt appears asking you to select “share data” or “charge only,” always select “charge only.”
  • Carry a portable battery charger or power bank with you. Some are able to charge other electronic devices as well, such as a digital camera or a smartwatch. They can even recharge a mobile device multiple times on one charge.
  • Use a USB data blocker or juice-jack defender and attach it to your charging cable. For just a few dollars, these adaptors allow a power transfer to the device without connecting the data transfer pins inside the USB port. In simple terms, they can block malware while still allowing the device to be charged.
  • Avoid using charging cables and power banks that seem to be left behind. Consider any random technology left behind as suspect.

Malware can go undetected for an extended period of time. This leaves the device and sensitive data exposed. There are steps to take if you suspect malware on your device.

  • Install security software to help identify the malware and clean your device.
  • Delete any apps that you did not download, risky texts, and browsing history. 
  • Clear the cache on your device.
  • Change passwords. 

For More Information