“Juice Jacking” Returns to the News but Still Hasn’t Happened

ByEmily Dolloff

Much has been made in the media about a recent FBI warning about “juice jacking,” the theoretical act of installing malware on or stealing data from an iPhone connected to a public charging station. Researchers first demonstrated juice jacking in 2011 at the Defcon security conference.

There’s no harm in following the FBI’s advice, but why raise the topic now? When questioned by the fact-checking site Snopes, the Denver office of the FBI said it was a standard public-service announcement tweet.

More importantly, there’s no indication that there’s any reason to worry. The security site Krebs On Security quoted one of the original juice jacking researchers as saying that he isn’t aware of any public accounts of a juice jacking kiosk existing in a public place outside of a security conference.

Making the risk of juice jacking even less concerning are security changes that Apple has made to iOS and iPadOS. Now, when you connect a device to a USB charger or device that does anything beyond providing power, you’ll see a prompt asking if you trust it. Given that there are no documented instances of juice jacking outside of a demonstration, it’s highly improbable that you’d get such a prompt when connecting to a public charging station, but if that were to happen, tap Don’t Trust and unplug your device immediately.

To block all possibility of juice jacking, you could:

  • Bring your own USB charger and plug it into a standard wall outlet.
  • Charge your iPhone from a battery pack and recharge the battery from a public charger.
  • Use a public wireless Qi charger. No cables, no worries.
  • Connect a USB data blocker to the end of your charging cable when using a public charger.
  • Rely on a special USB cable that can only charge, not carry data.

But honestly, just as with warnings about poisoned Halloween candy, these juice-jacking warnings don’t seem to be based on any documented instances. Our take? It’s sensible to bring a USB charger when traveling and carry a battery pack as a backup, but there’s no reason to worry about security when using a public charger. Amusingly, while we were editing this article, Ars Technica published a lengthy piece expanding on everything we’ve just said.

(Featured image by iStock.com/ClaireLucia)

Social Media: Juice jacking—malware installation or data theft after you plug a phone into a public charger—is in the news again. While the recommended precautions aren’t onerous, there are no documented instances of juice jacking happening in the wild.

Similar Posts

  • This is the craziest Presidential election cycle that I have seen. I first got involved when President Johnson was running against Barry Goldwater and that seemed pretty crazy especially after I lost faith with the President over Vietnam. But this time it would be great comedy if the stakes were not so serious. I have to tell you that seeing Donald Trump ask people to raise their hands in a pledge is one of the scariest things I have seen in a long time.

    Voting is so important and our system is messy with primaries, caucuses, super delgates and conventions but it is also the basis of our democracy. I am proud to say that the Vermont legislature passed an automatic voter registration bill unanimously this week, meaning when you get a driver’s license you are automatically registered to vote. You really do not have the right to complain about your leaders if you do not get out and vote. So, exercise your right and go to the polls when the circus comes to your state!

    Thank you so much for reading this issue of Kibbles & Bytes!

    Your Kibbles & Bytes Team,

    _Don, Emily & Hadley_