27.06.24

Juice Jacking Explained – Cyber risks and liabilities update

Cyber-risks and liabilities – Juice Jacking

Charging a battery through a free public USB charging station may seem innocuous, but doing so could result in costly cyber-security issues. Through a tactic known as juice jacking, a malicious actor can gain access to an individual’s device when they connect to these ports. Since these charging stations are common in public places like airports and hotel foyers, organisations should be cognisant of this threat. This is especially true of organisations with employees who travel with company devices and confidential data. This article provides more information on juice jacking and offers tips on mitigating its associated risks.

Understanding Juice Jacking

Juice jacking refers to a type of cyber-attack in which a malicious actor gains access to a device connected to a public USB charging station. Once the perpetrator has breached the device, they pose numerous threats, including the ability to steal data, load malicious software onto the device or disable it completely. Although it’s unclear how common this cyber-attack method is within the UK, a USB port can be used to both charge a device and transfer data, making juice jacking technically possible. Consequently, the FBI recently warned people against using free charging stations.

Tactics juice jacking perpetrators may use include embedding chips with malicious software into USB charging ports, tricking individuals into using infected cables designed to look legitimate or utilising hardware that turns the connected device into a Wi-Fi access point that allows them to exfiltrate data.

The Risks of Juice Jacking to Organisations

With employees often conducting business on portable devices, juice jacking poses a threat to organisations. If a malicious actor gains access to employee devices through juice jacking techniques, confidential information may be compromised and costly equipment can be ruined. Installed malware may also allow a perpetrator to steal credentials and gain access to servers or clouds with additional business information, and it may result in the continuous siphoning of data. These data breaches can have significant financial and reputational impacts on businesses. They may result in the need to pay regulatory fees, fines and penalties, and they may erode the trust and confidence of partners, vendors and clients.

Mitigating the Risk of Juice Jacking

There are several measures organisations and employees can take to reduce the risk of being the victim of a juice-jacking attack. These include:

  • Provide employee education. Educating employees about cybersecurity threats, such as juice jacking, can help them be aware of these risks and learn how to mitigate them.
  • Avoid public charging stations. Avoiding the use of public USB charging stations altogether is the best way to eliminate the risks juice jacking presents. Ensuring devices are adequately charged before trips and employing battery-saving methods such as darkening the screen display can help accomplish this goal.
  • Use AC plug sockets and a personal charger. Bringing a personal charger and finding a plug socket to connect it to can allow employees to charge their batteries without having to rely on public USB ports.
  • Carry an external battery pack or power bank. External battery packs or power banks can hold enough energy to power devices, allowing employees to avoid public USB charging stations. Users should ensure they are storing and using these power sources in accordance with the manufacturer’s instructions.
  • Carry a charging-only cable or USB data blocker. A charging-only cable does not allow data to transfer, so users can add a layer of protection between the charging station and their device. Similarly, a USB data blocker is a small device that is plugged in between a user’s device and a charging port to prevent data transfer while allowing charging.
  • Check security settings. Individuals should review their device’s security settings to ensure they are not set to allow automatic data transfer upon connection to an outside device.
  • Select “charge only.” If a message prompt appears when using a public USB charging station, users should only select the “charge only” option. They should avoid selecting options to “trust the charging device” or “share data” and make certain the device is locked while it is charging.
  • Keep software updated and patched and install antivirus protection. Making sure employees take standard cyber-security precautions, such as keeping devices updated and patched and installing antivirus protection, is essential in reducing the threats from cyber-criminals.
  • Secure cyber-insurance. Obtaining cyber insurance can help mitigate the losses associated with juice jacking and other cyber-attacks.

Conclusion

As cyber-threats such as juice jacking continue to emerge, organisations must remain informed and vigilant. By taking measures to address cyber-security risks, organisations can safeguard their data, mitigate potential financial losses and protect their reputations.

Information provided by Zywave and contributed by Lisa Langley, Cert CII, Team Leader, Professional Risks, Cox Mahon Ltd.

This Cyber-risks & Liabilities document is not intended to be exhaustive, nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2024 Zywave, Inc. All rights reserved.