“Juice Jacking” Returns to the News but Still Hasn’t Happened

ByEmily Dolloff

Much has been made in the media about a recent FBI warning about “juice jacking,” the theoretical act of installing malware on or stealing data from an iPhone connected to a public charging station. Researchers first demonstrated juice jacking in 2011 at the Defcon security conference.

There’s no harm in following the FBI’s advice, but why raise the topic now? When questioned by the fact-checking site Snopes, the Denver office of the FBI said it was a standard public-service announcement tweet.

More importantly, there’s no indication that there’s any reason to worry. The security site Krebs On Security quoted one of the original juice jacking researchers as saying that he isn’t aware of any public accounts of a juice jacking kiosk existing in a public place outside of a security conference.

Making the risk of juice jacking even less concerning are security changes that Apple has made to iOS and iPadOS. Now, when you connect a device to a USB charger or device that does anything beyond providing power, you’ll see a prompt asking if you trust it. Given that there are no documented instances of juice jacking outside of a demonstration, it’s highly improbable that you’d get such a prompt when connecting to a public charging station, but if that were to happen, tap Don’t Trust and unplug your device immediately.

To block all possibility of juice jacking, you could:

  • Bring your own USB charger and plug it into a standard wall outlet.
  • Charge your iPhone from a battery pack and recharge the battery from a public charger.
  • Use a public wireless Qi charger. No cables, no worries.
  • Connect a USB data blocker to the end of your charging cable when using a public charger.
  • Rely on a special USB cable that can only charge, not carry data.

But honestly, just as with warnings about poisoned Halloween candy, these juice-jacking warnings don’t seem to be based on any documented instances. Our take? It’s sensible to bring a USB charger when traveling and carry a battery pack as a backup, but there’s no reason to worry about security when using a public charger. Amusingly, while we were editing this article, Ars Technica published a lengthy piece expanding on everything we’ve just said.

(Featured image by iStock.com/ClaireLucia)

Social Media: Juice jacking—malware installation or data theft after you plug a phone into a public charger—is in the news again. While the recommended precautions aren’t onerous, there are no documented instances of juice jacking happening in the wild.

Similar Posts

  • Reminders (Finally) Adds Time Zone Support

    Apple’s latest operating systems have eliminated a longstanding annoyance for frequent travelers: the lack of time zone support in Reminders. If you had…

  • Never Save Your Work in These Locations

    In every job that involves interaction with the public, amusing “Can you believe…” stories about customers abound. They’re often triggered by seemingly reasonable…

  • Who cares about QR Codes?

    By now you’ve probably seen one of those odd-looking white squares with a bunch of smaller square dots that make up a random pattern inside–that’s a QR code. QR stands for “Quick Response,” and a QR code is a form of barcode, just like on the packaging of nearly everything you buy.

    Usually QR codes are used to store Web links–URLs–so an ad can display just the QR code instead an unwieldy and hard-to-type web address. But QR codes aren’t just for ads. They’ve appeared on business cards, in magazines and books, on coins and bills, and even on tombstones–any place it would be nice to help someone load a Web link into a smartphone but where there isn’t enough room for a URL or in situations where viewers won’t remember the URL later. And the links? They can display anything that can appear on the Web: text, photos, videos, games, and more.

    Only one built-in iPhone app can scan QR codes–the Wallet app in iOS 9–but it can scan only QR codes that are associated with Wallet passes, things like airline boarding passes, concert tickets, and iTunes gift cards. For QR codes that encode any other sort of data, Wallet shows an error. It would be nice if Apple would add general QR scanning capabilities to Wallet or the Camera app, but until that happens, you’ll need another app.
    There are numerous QR code scanning apps in the App Store, but if you need a recommendation, give TapMedia’s QR Reader for iPhone a try. It’s free with ads (remove them with a $1.99 in-app purchase), scans both QR codes and traditional barcodes on most commercial products, and displays the associated information within the app. It can even help you create your own QR codes.

    To use a QR code scanner, launch the app, allow it to access the camera when it asks, and then point it at the QR code. Good apps will scan nearly instantly, but if not, move the camera so the QR code is centered between the guides. If even that doesn’t work, move forward or back so the camera can focus on the centered code.

    Once the code has been scanned, the app will usually bring up an in-app Web browser to display whatever was encoded. For certain kinds of data, like books or grocery items, the app may go right to Amazon or a price comparison site. Good apps will also keep a record of sites you’ve scanned, so you can go back to them later, even if you can no longer scan the QR code.

    So download a QR code scanning app and keep an eye out for QR codes. Once you start looking, you’ll find them everywhere–it’s a modern-day treasure hunt!