Federal authorities, tech pundits, and news outlets want you to be on the lookout for a scary cyberattack that can hack your phone when you do nothing more than plug it into a public charging station. These warnings of “juice jacking,” as the threat has come to be known, have been circulating for more than a decade.
Earlier this month, though, juice jacking fears hit a new high when the FBI and Federal Communications Commission issued new, baseless warnings that generated ominous-sounding news reports from hundreds of outlets. NPR reported that the crime is “becoming more prevalent, possibly due to the increase in travel.” The Washington Post said it’s a “significant privacy hazard” that can identify loaded webpages in less than 10 seconds. CNN warned that just by plugging into a malicious charger, “your device is now infected.” And a Fortune headline admonished readers: “Don’t let a free USB charge drain your bank account.”
The Halley’s Comet of cybersecurity scares
The scenario for juice jacking looks something like this: A hacker sets up equipment at an airport, shopping mall, or hotel. The equipment mimics the look and functions of normal charging stations, which allow people to recharge their mobile phones when they’re low on power. Unbeknownst to the users, the charging station surreptitiously sends commands over the charging cord’s USB or Lightning connector and steals contacts and emails, installs malware, and does all kinds of other nefarious things.