How Hackers Steal Sensitive Information From Phones Using USB Port Through Juice Jacking


A very dangerous trick that has actually been around for a while is actively being used by hackers to steal personal information on targets’ phones. The method is called Juice Jacking and it makes use of old USB cables or infected USB port to access files on the phone. Interestingly, hackers infect the USB ports or cable found at the free charging stations at the mall, airports and other public stations with malware.

After these are connected to a phone, the malware is injected onto the phone to exfiltrate data. This method is very dangerous since it is nearly impossible for targets to know whether a particular USB cable or port is infected or not.

In one of the reported cases, a target had a message on his screen right after connecting his phone to the USB port or cable at a free charging station advising him to be careful when connecting his smartphone to an old USB port in a public kiosk. The message continued to read that sensitive information can be downloaded or retrieved without being aware. Luckily, that particular station had taken the ethical route, meaning all users were free from the malware.

Juice Jacking simply works by taking advantage of the multiple options designed for any regular USB port or cable. Any regular USB port or cable is designed to have five pins with just one enabling the charging of the receiving end. The others ensure that data are transferred between systems by default. This is what hackers take advantage of. They also take advantage of the fact that any connection is only visible to the end that provides the power.

Juice Jacking

Image Source:

Charging a phone by using a USB cable and connecting it to a laptop is a perfect example of this. The provider of the power which is the laptop can provide enough ground to view and transfer any information on the phone. Threat actors, in this case, use the USB port or cable at the free charging station to exfiltrate data without the consent of the power receiver. There are two main types of Juice Jacking:

Data Theft (Juice Jacking)

Data Theft in juice jacking is the situation whereby an infected USB port or cable steals any personal information found on the connected phone. It is worth noting that data theft does not necessarily have to have a hacker behind the free charging station controlling the device remotely. Data theft can be fully automated according to research.

The malware on the USB port can drop an additional payload on the connected device to do all these. There are crawlers that can slowly search for personally identifiable information, credit card details and account information on the infected phone. They do not really have a specific target. The USB port is infected to steal the personal information of anyone to be sold on the dark web, though they may be extremely lucky to infect the phone of a government official.

Malware Installation

Malware Installation is another type of juice jacking that makes use of an installed malware to steal more comprehensive data. The infected USB port or cable drops malware on the connected device, then takes time to steal information like recent purchases made, GPS location, photos, call logs, social media interaction and many other processes. Hackers can install different kinds of malware including ransomware, adware, cryptominers, Spyware and Trojan.

Juice jacking

Image Source:

Ransomware is launched on targets phone to encrypt the phone for a ransom. Cryptominers are meant to mine cryptocurrencies using the phone CPU or GPU which ends up draining the battery of the infected phone. Spyware is also launched to track or monitor targets. It is worth noting that most malware are designed to hide in the background to operate, while others leave a sign of possible malware infection. This includes quickly drained batteries, advertisements pop-ups or notifications pop-ups, and icon of apps you did not download appearing on your phone.

To be able to prevent juice jacking, it is important to avoid free charging stations completely. If you cannot, ensure that any option that ensures that information is transferred from your phone when a USB is connected is blocked. It is advisable to move with your AC charger to charge your phone instead of using a public USB port or cable.
Another alternative is to use a power bank when traveling.

You may not have any credit card information or any important files on your phone, but you certainly have what hackers are looking for. Your personal information can be stolen and sold cheaply on the dark web using juice jacking. The websites you visit and your browsing activities can be tracked which can lead to hackers getting access to your sensitive account credentials and other information you cannot afford to lose to third parties.

Source: Yahoo Sports

Disclaimer: does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation to the reliance on or usage of any content, goods or services mentioned in this article.

Tags: #Deep_Web_directories #Hidden_Wiki_Links #Deep_Web_Links_and_Web_Sites #Dark_Web_Links #Best_Dark_web_Websites


Please enter your comment!
Please enter your name here