A warning has been issued by the FBI, alerting travelers to the danger of public USB ports in places like airports, hotels, and shopping malls, where hackers can use them to introduce malware onto devices. This type of attack, known as “juice jacking,” occurs when criminals modify a charging kiosk with the intent to steal data. By using USB ports, malware is uploaded onto devices, putting passwords, credit card information, addresses, names, and other data at risk. Attackers can also track keystrokes, display ads, or add devices to a botnet, which is a network of private computers infected with malicious software and controlled as a group without the owners' knowledge. Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, has stated that up until very recently, a lot of security researchers did not believe this type of attack was feasible for criminals because the criminal must physically alter a USB port. However, criminals are now much more brazen and are using this method because of the financial reward. Warmenhoven also warns that it has become easier to execute, with the technology being cheaper and more accessible. To prevent juice jacking, Warmenhoven recommends that travelers use a power bank instead of a public USB port, invest in a USB data blocker, avoid using unknown charging cables, and restrict themselves to power sockets.
Juice jacking is a relatively new cyber attack that has recently grown in popularity due to two reasons. The first reason is that the data being gathered can earn the criminal a significant amount of money. The whole criminal data industry has grown so much that it is now a financially good investment for criminals to carry out juice jacking. The second reason is that it has become easier to execute, with the technology being cheaper and more accessible. Technically inexperienced attackers can now carry out a juice jacking attack by purchasing readymade cables for red teaming by Hak5. For less than $7, a technically savvy criminal can build a juice jacking device.
Warmenhoven believes that this type of cyberattack is difficult to detect until months or even years later. By the time the victim’s data reaches the end criminal, it may be too late, and the vacation is long over. Malware is stealthy, quietly sending data to a central place, which in turn sells it. It can take a really long time for the victim to notice if they have picked up malware, but if their phone starts working unusually slowly, or it feels hotter than usual, there is a good chance that they have.
Prevention is the best way to protect oneself from juice jacking. Warmenhoven has suggested a few ways that travelers can protect themselves. One way is to use a power bank instead of a public USB port. Power banks are safe and convenient. They are a portable charger that means the traveler never has to use a public USB port.
Another way to prevent juice jacking is to use a USB data blocker, which is a small, inexpensive device that looks like a thumb drive but has an open USB port on the back end. They plug directly into USB ports, acting as a shield between the port and the device. A USB data blocker cuts two or three wires in the middle of a USB connection, allowing electricity to transfer to the device but not malware. USB data blockers are available on Amazon.com as well as in big box stores like Walmart and Staples for as little as $3 apiece.
Warmenhoven also warns travelers to never use unknown charging cables. Beware of using cables that appear to be left behind by other travelers in airport lounges and hotel lobbies. The O.M.G. cable from Hak5 is an attack device that looks like a normal cable, and it can be loaded up with a malicious payload. Instead, travelers should bring their own charging cables and ensure they purchase them from reputable sources.
Another important tip for travelers is to avoid connecting to public Wi-Fi networks whenever possible. Public Wi-Fi networks are often unencrypted, meaning that any information transmitted over the network is easily visible to anyone with the right tools. Hackers can easily set up fake Wi-Fi hotspots in public areas, luring unsuspecting travelers to connect to them and then stealing their sensitive information.
To protect yourself while traveling, it's recommended to use a virtual private network (VPN). A VPN encrypts your internet traffic, making it impossible for hackers to intercept or steal your data. There are many reputable VPN providers available, and it's worth investing in a good one before you embark on your travels.
Finally, it's important to stay vigilant and aware of your surroundings while traveling. Be wary of anyone who appears to be watching over your shoulder while you're using your phone or laptop, and avoid using ATMs in unfamiliar areas. Taking simple precautions like these can go a long way in protecting your sensitive information while you're on the road.