Later On

A blog written for those whose interests more or less match mine.

There’s a new way to hack your phone or laptop.

leave a comment »

From the NY Times newsletter:

It’s “juice jacking” — and its perpetrators load airport or other public USB ports or USB cables with malware, just waiting for you to plug in and get infected. Sometimes the tainted USB cables are giveaways.

Hackers can then read and export your data, including your passwords, or even lock up the gadget.

So if you’re out and about, use a power outlet rather than a USB charging station, carry your own cords, and maybe keep a portable battery on hand. There are also inexpensive “USB condoms” that disable the cable’s data pin, allowing charging but blocking any flow of data.

From the article at the link:

As the busy holiday season approaches, the Los Angeles County District Attorney’s Office is warning travelers about a USB charger scam, or “juice jacking.”

“A free charge could end up draining your bank account,” Luke Sisak, a deputy district attorney, said in a video posted online this month.

Juice jacking happens when unsuspecting users plug their electronic devices into USB ports or use USB cables that have been loaded with malware.

The malware then infects the devices, giving hackers a way in. They can then read and export your data, including your passwords, and even lock up the gadgets, making them unusable.

Juice jacking exploits the fact that somebody doesn’t have a full battery, said Liviu Arsene, a cyber security expert at BitDefender, a Romanian cybersecurity and antivirus software company.

Mr. Arsene cautioned against using USB cables found already plugged into charging stations or even given away as promotional gifts.

“You can easily brand these things so you can make it look like any other cable,” he said, adding, “When people see it, they don’t really think or expect it to be malicious in any way.”

Other ways to protect yourself include carrying your own charging wires, only charging directly from an electrical outlet and using portable batteries that were bought from known vendors, Mr. Arsene said.

“Don’t believe everything you see, and don’t believe everything you get your hands on,” he said, noting that starting with Black Friday, if it looks too good to be true, it probably is.

But it isn’t just cables that pose a risk for tech consumers; it’s the ports, too.

Like scammers who steal debit card numbers by putting illegal card-reading devices, or skimmers, on A.T.M.s, hackers can easily rip out USB ports and replace them with their own malicious hardware, said Vyas Sekar, a professor at CyLab, a security and privacy research institute at Carnegie Mellon University.

“It’s easy to modify the outlet if the attacker has physical access,” Professor Sekar said.

Though Mr. Arsene and Professor Sekar said they were unsure of how often hacking attacks like these happened, the growing ubiquity of USB charging ports in places like hotels, airports and public transportation has translated into an increased risk of falling victim to such scams.

“People want the convenience of charging their phones and tablets wherever they go,” Professor Sekar said, adding, “Obviously I would like it too, but there is a risk.”

Professor Sekar said consumers could also use attachable protective devices on USB cables known as “USB condoms.”

“What they do is a very simple trick,” he said. “They essentially disable the data pin on the USB charger.”

This means that the device will charge, but the cable will be unable to send or receive data.

“For less than five bucks you can buy it,” he said, “and that can actually save you.” . . .

Example of a USB condom.

Written by LeisureGuy

18 November 2019 at 4:04 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.