The problem with smartphones is that battery technology hasn’t been able to keep up with the powerful features that these devices offer. Often, you can find that you run out of power in the middle of the day. If you don’t have your charger on you or access to a free power outlet, you could be tempted to look around for a public charging kiosk. You believe that you can quickly plug your phone in, get enough juice in your phone for a few hours and head off. What could possibly go wrong?
Juicejacking is what can go wrong
While different smartphone models use different charging port designs, they tend to have one feature in common – they all use the same port both to connect to a computer and to charge. You may think that all you’re doing connecting the charging plug at a charging kiosk to your phone is to connect to a power supply. The other end of the cable could conceivably be connected to something else, though – like a hacker’s computer. You never know what’s on the other end.
A presentation by three computer scientists called Billy Lau, Yeongjin Jang and Chengyu Song called Injecting Malware Into iOS Devices Via Malicious Chargers has recently attracted much attention on the Internet. It talks about the results that these researchers achieved building a simple malicious charger to inject malware into Apple mobile devices with. They found that they could easily infect any stock Apple device with no user intervention.
Another presentation in 2011 by another set of researchers achieved even more alarming results on Apple devices using Apple’s device pairing technology. Paring is a process on Apple devices whereby devices establish trusted relationships with the computers that they are connected to. Once a trusted relationship is established, it is permanent until the device is erased and restored to factory state.
These researchers found that malicious charging stations could pair to Apple devices and then continue to keep in touch with them over Wi-Fi, even after they had physically disconnected from them.
Should you be alarmed?
For the most part, juicejacking is rare today. It is unlikely that charging stations at airport terminals or railway stations could have malicious computers attached to them. If you need to plug your device into a charging station outside some store or other less controlled place, though, you could need to think. If you do need to charge your phone at the kiosk outside a fast food restaurant or next to a bus stop, you need to take the following precautions.
See if you can power your phone down before you connect to a charging station. Most phones will not allow access to their data unless they are powered up.
If yours is an Apple device, you could try to disable the pairing feature. You need to have a jailbroken device for this to work, though.
You can carry a special, modified USB cable that only has the power wires working – not the data wires. Your phone may charge more slowly this way. It will be safer, though.
You can lock your phone so that it won’t be accessible without a PIN. If you’ve set a PIN, your Apple device will only pair when it is entered.
While there is no point being alarmist, it’s important to recognize that threats can quickly turn real when criminals learn about them. It’s always good tech practice to keep ahead of the curve.