FBI Portland
Beth Anne Steele
(503) 460-8099
November 3, 2020

Oregon FBI Tech Tuesday: Building a Digital Defense Against Juice Jacking

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against juice jacking.

It sounds like a health food kick, but it can be dangerous for you and your electronics. Even with the pandemic, some people must travel for work or personal reasons. After a long day on the road, you finally make it to your hotel and realize your cell phone is almost dead. You are happy to see that your home-away-from-home has modern conveniences like a USB charger in the nightstand or lamp.

Ah, if it were only that safe and easy.

Our friends at the FCC warn that you should avoid using public USB power charging stations in airports, hotels, and other locations because they may contain dangerous malware. USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two. As smartphones became more popular in the past decade, bad actors figured out they could abuse USB connections to hide and deliver secret data payloads over a connection that a user might think was only transferring electrical power. This is called “juice jacking.”

There is also “video jacking,” where a bad actor could record and mirror the screen of a device that was plugged in for a charge. Another potential problem: that free USB cable you got as a promotional item can also be risky. Microcontrollers and electronic parts have become so small these days that criminals can hide mini-computers and malware inside a USB cable itself.

Here’s how to protect yourself:

  • Avoid using a USB charging station. Use an AC power outlet instead.
  • Bring AC chargers, car chargers, and your own USB cables with you when travelling.
  • Carry a portable charger or external battery, and only use your own, personal cables purchased from a trusted supplier.
  • Consider carrying a charging-only cable, which prevents data from being sent or received while charging.

If you have been victimized by a cyber fraud, be sure to file a report at the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.