By: Mark Sheldon Villanueva on December 10th, 2021
What is Juice Jacking, and How Do I Avoid It?
Bring your own device (BYOD) programs; you've probably not thought too much about it. It makes business sense, especially for new and small organizations. In fact, implementing a sound BYOD policy can yield lots of advantages.
According to a Cisco study, companies leveraging BYOD practices benefited from an average of $350 in savings for every employee each year. However, it's also vital to note that the practice is risky.
There are a lot of potential threats that you need to watch out for when your team is allowed to use their own devices in the office. And, no matter how strong your policy is, it's not fool-proof.
While you might have some measure of control over your team's devices during office hours or on-site, you won't have that same benefit once they log off or leave the premises. How confident are you that one of your team members won't need to charge their devices on a public charging kiosk? Your answer is probably not at all. If it is, then you should be concerned about juice jacking.
It's a threat that can easily go under the radar and compromise your cybersecurity. But what is it, and how do you avoid it? We can help you with that.
ITS has over a decade of experience helping businesses like yours manage their technology and bolster their cybersecurity. In this article, we'll help you understand what juice jacking is, the threats it can pose for your business, and everything you can do to avoid it.
What is Juice Jacking?
Juice jacking is a security exploit wherein a threat actor hijacks a USB charging station to compromise connected devices. Charging cables can double as a charger and a device to transfer data, and Cybercriminals can take advantage of that functionality.
The USB cord opens a pathway into your device during the charging process that allows them to share information. That process can easily be exploited when a criminal hijacks the port to install malware or spyware directly onto the device. That allows them to easily access the device, which can either expose vital business information or infect more devices across your network.
That means if one of your team members decides to use a public charging kiosk, they could be opening themselves or your business up to potential threats.
Main Threats to Your Business from Juice Jacking
If your organization is implementing a BYOD policy, it's important to take note of the potential threats that juice jacking can bring to your business. Take a look at some of the main risks you might face:
Our smartphones are filled with our personal information. If a cybercriminal can gain access to those, we open ourselves up to identity theft which could lead to serious consequences for your business. A malicious individual could easily log in to your social media accounts, gain access to emails and personal messages and assume your identity.
Aside from stealing your identity, cybercriminals can also try accessing your organization's vital information, from your clients' data to login credentials and more. Especially dangerous if your team is using that same infected device for work. It can also spread to other devices making the potential for a widespread data breach even more dangerous and costly.
According to a report from IBM and the Ponemon Institute, the average cost of a data breach among companies reached $4.24 million per incident in 2021, the highest recorded in 17 years.
Malware and Spyware
Cybercriminals can install malware that can clone your phone's data and transfer it back to their own device. They can also upload spyware that can help them gather data such as your GPS location, financial info, social media interactions, call logs, and more. Or, they can choose to encrypt or freeze your phone then demand payment to restore it.
Other types of malware that threat actors can transfer on your phone include adware, crypto miners, Trojans, and ransomware.
Ways to Avoid Juice Jacking?
If there's anything that can thwart the threats of juice jacking, it's one thing: good habits. Practice the following habits below to avoid becoming a victim.
Charge at Home
Make it a habit to top-up all your devices at home to prevent the need for charging when you're out and about. Plugging into a public charging port opens you up for juice-jacking attacks.
Bring Your Own Charger
Don't forget to bring your own charger so you can use a socket when you plugin instead of relying on a public charging station. Using an electric socket instead of a public port helps avoid data transfers through your cable.
Carry a Spare Battery or Power Bank
A spare battery or power bank will come in handy should your battery run low, preventing the need to charge at unsafe locations.
Lock Your Phone
Locking your phone with either a password, fingerprint, or pattern adds an extra layer of security for preventing juice-jacking attacks.
Keep Your Phone Off
You can also choose to shut off your phone when charging, but this depends on the make and model of your smartphone. Some models still power the USB circuit and allow access to flash storage despite being powered down.
Use Power-Only Cables
Power-only cables do not have the two wires necessary for transmitting data. They will still charge your device but data transfer is impossible.
Use a Data Blocker
Are small devices that you can connect at the end of your charging cable that goes into the charging socket. Similar to how power-only cables work, data blockers prevent access to your data but retain the ability to transmit power.
Educate Your Team
Preventative measures only work when everyone is involved and knows how to do things properly. Make sure to educate your team on proper habits, especially if you're implementing a BYOD policy. Let them know that these measures aren't just to keep your business safe; they could help keep their personal information safe as well.
Want to Secure Your Devices from Juice Jacking?
BYOD policies may make business sense, but it's risky business. Keeping track of your team's devices is vital. However, it can all be undermined if you and your team don't practice good habits. Ensure your team knows how security threats like juice jacking can affect them personally to help drive them into following practices that can also keep your business safe.
At ITS, we've helped businesses that have BYOD programs improve their productivity while also securing their data. Read our article to learn more about BYOD best practices before implementing them for your business.