Weird Security Term of the Week: "Juice-Jacking"

The Problem:

For the past couple of years, charging stations have been popping up everywhere as easy places to catch a breather from running out of a charge halfway to your destination. This is a great service, however as these also allow direct USB connections, they can also be a security hazard.

“Juice-Jacking” or the idea of using a station like this to steal data from the mobile device can be an incredible hazard for two reasons. First- these stations normally exist in areas where people are paying a lot of money to sit around and be grumbly. Therefore the devices (and their owners) are likely to have more cash than the typical off the street person, and their information would be of more value than average. Second- its not an attack vector that most people are accustomed to; they are used to the idea now that open Wi-Fi is bad, and that anything going across an unencrypted connection can be seen by whoever else is there, but an outlet is an outlet- what else are they going to worry about?

The Solution:

There are a couple of different ways of getting around this issue, each with its own unique spin on things:

Solution the First: USB to wall outlet adapter

While these come with every newer mobile device, they are still difficult to come by at times. An adapter that takes a USB cable and puts it into a regular wall jack format can be worth quite a bit to the right person, and is easier to handle instead of its direct-wired counterpart. Granted you’ll still need a device to USB cable, but with the standardization to Micro-USB, that’s a lot easier than it used to be.

Typical price: 3-5 dollars on Amazon

Solution the second: “USB Condom”

Stay with me on this one. When this issue first came into public knowledge, a product came out that expressly blocked the ‘data’ pins on a USB connector. This essentially allowed only the ‘power’ pins to connect to the jack on the other end, thus protecting the device from picking up any unwanted activities. There are varying versions, from a simple plastic cover to an actual packaged extender type product, but they all do the same basic job, and can be left on the end of a cable without a lot of extra clutter.

Typical price: 10-15 dollars on various vendors

Solution the third: “Charge-only” USB Cable.

Not all USB cables are created equal (Please do not buy the inevitable $50 Monster USB cables). When you look at a USB cable, you will notice a series of metal contacts- each one has a dedicated purpose, and similar to the function of the USB condom, it is possible to create a cable that has only wiring for the ‘power’ contacts. While it is also possible to create such a cable yourself, that is usually beyond the scope of a typical user. It is possible to find one of these very cheaply as there is actually less to it than a typical USB cable, however they can also charge more for them because they are a ‘Security-specialty’.

Typical price: 5-10 dollars on Amazon

All of the solutions do basically the same job- keep the device from talking to something on the other end. The implementation is what is different, and what you want to go with depends on how handy you want it to be- whether you want something to go onto the end of your regular connection cable that you keep in your everyday carry, or you want something deliberately for that purpose and don’t want to worry about losing yet another adapter.