What is juice-jacking and how can you protect your attendees from it?

As if event managers didn’t already have enough cyber scams to worry about, those naughty criminals have come up with another, and it’s called ‘juice-jacking’.

Before you run to the fridge to throw a protective ring around that carton of Tropicana, juice-jacking is, of course, a cyber exploit whereby criminals steal sensitive data from phones, tablets and laptops via public USB charging ports – like the ones often found in conference and convention centres.

The practice has become so widespread that the US Federal Bureau of Investigation (FBI) has advised citizens against using free charging stations in public places.

How does it happen?

Basically, criminals can load malware and monitoring software onto public USB charging stations in order to maliciously access peoples’ electronic devices while they are being charged.

They typically do this in one of two ways.

Either the criminal creates an entirely fake charging station, or they tamper with a legitimate one. In the former case, the attacker essentially sets up their own malicious station which contains a hidden computer instead of a charger, allowing them to connect to and access your device.

In the latter, they will swap out a normal charging cable for one which contains a tiny computer chip capable of intercepting and stealing data from your mobile or laptop.

Either way, the compromised charging station can then install further malware through the USB port that can compromise a device or export personal data and passwords from it directly to the perpetrator.

Criminals can then use that information to access online accounts or sell it to other bad actors.

Worryingly, in most cases, it won’t be immediately obvious that your device has been compromised, with the most common signs being overheating, the battery dying more quickly or mysterious changes to your settings.

How bad can it be?

According to cyber security researchers, juice-jacking is a technically difficult attack to execute, but when successful it often gives the criminal unfettered access to the victim’s devices as they charge. So that would be passwords, banking apps, photos – the whole nightmare scenario.

How can you keep attendees safe?

Here are some tips to give your attendees peace of mind and keep their devices charged up while they’re at your event.

• If you’re in a venue with installed public charging devices, warn participants about the risk and advise them on how to stay safe. For example, remind them to make sure the device is locked. This will stop the phone or tablet from pairing with a potentially connected device on the other end of the port. Better still, turn the device off completely before charging. If a prompt appears asking to select ‘share data’, ‘trust this computer’, or ‘charge only’, always choose ‘charge only’.
• Juice-jacking attacks only affect devices connected directly to USB ports. You might consider offering your own charging station at the registration desk, making it very clear that devices are connected directly to an electrical outlet (with nothing in-between).
• Provide plenty of power outlets so that cautious attendees can plug in their own portable charger.
• Looking for merch ideas? You could consider giving attendees a branded external battery pack so they can always charge their devices safely on the move (while thinking fondly of your brand). You could even gift them a branded USB data blocker. A data blocker is a device that plugs in between the phone / computer and the USB charge point and blocks any kind of data exchange so that, even a compromised charging station could be used safely.

Juice-jacking is a real threat that can result in major loss and damage to victims. So be ready to address attendee’s questions and concerns, as well as offering them secure ways to stay fully charged at your next meeting.