Much has been made in the media about a recent FBI warning about “juice jacking,” the theoretical act of installing malware on or stealing data from an iPhone connected to a public charging station. Researchers first demonstrated juice jacking in 2011 at the Defcon security conference.
There’s no harm in following the FBI’s advice, but why raise the topic now? When questioned by the fact-checking site Snopes, the Denver office of the FBI said it was a standard public-service announcement tweet.
More importantly, there’s no indication that there’s any reason to worry. The security site Krebs On Security quoted one of the original juice jacking researchers as saying that he isn’t aware of any public accounts of a juice jacking kiosk existing in a public place outside of a security conference.
Making the risk of juice jacking even less concerning are security changes that Apple has made to iOS and iPadOS. Now, when you connect a device to a USB charger or device that does anything beyond providing power, you’ll see a prompt asking if you trust it. Given that there are no documented instances of juice jacking outside of a demonstration, it’s highly improbable that you’d get such a prompt when connecting to a public charging station, but if that were to happen, tap Don’t Trust and unplug your device immediately.
To block all possibility of juice jacking, you could:
- Bring your own USB charger and plug it into a standard wall outlet.
- Charge your iPhone from a battery pack and recharge the battery from a public charger.
- Use a public wireless Qi charger. No cables, no worries.
- Connect a USB data blocker to the end of your charging cable when using a public charger.
- Rely on a special USB cable that can only charge, not carry data.
But honestly, just as with warnings about poisoned Halloween candy, these juice-jacking warnings don’t seem to be based on any documented instances. Our take? It’s sensible to bring a USB charger when traveling and carry a battery pack as a backup, but there’s no reason to worry about security when using a public charger. Amusingly, while we were editing this article, Ars Technica published a lengthy piece expanding on everything we’ve just said.
(Featured image by iStock.com/ClaireLucia)
Social Media: Juice jacking—malware installation or data theft after you plug a phone into a public charger—is in the news again. While the recommended precautions aren’t onerous, there are no documented instances of juice jacking happening in the wild.