A possible newish threat to your Smartphone called "Juice Jacking"

If you plug your phone into a USB charging port, say at an airport, you could be at risk of a threat they are calling “Juice Jacking”. Have a read about it at this link: http://thenewdaily.com.au/life/tech/2017/02/20/juice-jacking-public-risk/

6 Likes

Nice one, thanks for sharing. A good reason to get hold of a power bank!

This has been known as a threat in the IT world for a few years now (I remember reading something on it like 2014 or so).
Best way to avoid the threat (if you “must” recharge at a public point) is as the article states - use a battery bank to charge your device then only recharge the battery bank at such a public point, or even use the battery bank as a ‘surge protector’ (like a UPS for your PC) to pass through the charge from the point to the phone, filtering out any data signals (the banks have power regulation circuits but don’t pass data through to devices as they don’t accept data over the charging port).

4 Likes

I was surprised that this is still around as a threat, but then I realised that some people are using mobile devices that may be quite old.

The default behaviour of modern Android devices is to treat the USB connection as “Just charge this device”. You explicitly have to change the connection type to e.g. “Transfer files” to enable data access.

I just tried the same thing with an iPhone, and it prompts “Allow this device to access photos and videos?”.

I don’t have a Windows phone handy.

3 Likes

We as a society have changed the way we use our smartphones and tablets. It may have been that in the past we only charged our phones and did not seek to use them as data devices when connected via USB. These days we are using them more and more as a means of getting and sending data through USB sticks, OTG, and data transfer using web-connected devices. The default of “Just Charge this Device” is often changed to allow devices to use the internet and other devices through USB connections. Many people then don’t change these behaviours/options and this leads to vulnerabilities like the threat discussed above. Since Android 6 some access control has also been given to apps, and as evidenced by the Pokemon app, some requested access was very promiscuous.

Please note the infection does try to defeat any security you have on your phone, this includes settings:
“Using this information, a compromised USB port can then select the appropriate method to defeat security and install malicious software on the device, or simply siphon data from the handset.”

I also think the demonstrated threat was not against just older equipment as many attendees at the conference held this month where this was demonstrated would be using very current devices.
"Dubbed ‘Juice Jacking’, the vulnerability was demonstrated last week at the annual RSA Security Conference, in San Francisco, when security outfit Authentic8 set up a number of USB power outlets for attendees to charge their mobile devices.

“Just by plugging your phone into a [compromised] power strip or charger, your device is now infected, and that compromises all your data,” Authentic8 Head of Marketing, Drew Paik, told CNN."

1 Like

There are “charge only” cables available too, with no data lines in them. So this would not be a problem for those types of cables.

3 Likes

Apologies. I didn’t make my original post very clear. On an Android device, the default behaviour applies on each USB connection event. For example, if you override the default and allow your phone’s data to be accessed, that access is only allowed until such time as the USB is disconnected. When you next connect via USB, data access is again blocked unless you explicitly allow it.
I’m going to refer to our CHOICE Computer team for further investigation.

3 Likes

Having discussed with the CHOICE Computer team, I have little to add. It seems that some manufacturers may, for the sake of ‘convenience’, make Android a bit less secure than intended. I can’t comment on iOS or Windows.
Whilst we’ve seen no evidence of the threat in the wild, all of the suggestions are wise: charge with a charge-only cable, use a power bank, or use an AC adapter instead.

2 Likes

Here’s our review of powerbanks (member content) in case anyone is looking at buying one after reading this thread.

5 Likes

Thanks for this advice. Any recommendations on good power banks? I bought one at the airport and it was a dud.

I have had issues as well with powerbanks not working because they weren’t approved by Apple.

I’m personally using a semi-generic 5000 mAh BlueEye battery bank bought off of Zazz.com.au like a year or two ago, however PCCaseGear has various battery bank offerings ranging from ~$30 to ~$60 from known-and-proven tech companies like TP-Link & Aerocool.

1 Like

Any reason why you didn’t review any Limefuel power banks? I bought one a couple of years ago and it has never missed a beat.

I’ll pass on your feedback to the reviewer @gregcarman regarding the Limefuel power bank. Nice to hear it has served you well 👍