Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
Camp BGen Rafael T Crame, Quezon City
ACG-CYBER SECURITY BULLETIN NR 176: Beware of Juice Jacking
Reference Number: ACG-CSB 112519176
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
Juice jacking is a type of cyber attack involving a charging port that doubles as a data connection, typically over USB. This often involves either installing malware or surreptitiously copying sensitive data from a smart phone, tablet, or other computer device.
Travelers should avoid using public USB power charging stations in airports, hotels, public charging stations, portable wall chargers and other locations because they may contain dangerous malware.
There are two ways juice jacking could work, Data theft During the charge, data is stolen from the connected device and malware installation as soon as the connection is established, malware is dropped on the connected device. The malware remains on the device until it is detected and removed by the user.
avoid using any charging cables and power banks that seem to be left behind. You can compare this trick to the “lost USB stick” in the parking lot. You know you shouldn’t connect those to your computer
All PNP personnel as well as the public are advised to follow the tips in order to avoid the risk of Juice jacking:
- Bring your own charger. Toss a power supply or AC adapter into your purse or briefcase and use that instead. Since it’s your device, you can be sure that you’ll only be getting power out of it. Plus, you can plug into any AC outlet you want.
- Get a power-only USB cable. On a USB connector, there are certain pins that transmit power, and there are certain pins that transmit data. In the pinout diagram below, pins 3 and 2 are for data. Pin 1 is for 5 Vdc power.
- Run reputable antivirus or anti-malware applications on all devices and keep them updated with the latest version;
For additional information, please refer to the following websites:
POINT OF CONTACT