We’ve all been there. The dreaded “battery level 20%” pop up on your phone. The sudden change from white to red on the top right-hand corner of the screen. Panic sets in as you start to imagine the catastrophes that would occur should the battery not last until you can charge it again; parents’ never-ending phone calls and messages asking “where are you?” and “why do you leave the house without a charged phone?” (it was charged when I left, mom); the inability to make purchases with Apple Pay; not being able to post your gym pic on Instagram (because if you didn’t share it online, did it even really happen?), and the list goes on.
Alas, you spot the charging kiosk in the distance as if it were illuminated by God himself. The sweat subdues as you make your way closer and closer to the holy temple. As you finally connect the wire to your phone, you let out a long sigh of relief. All is well in the world again. The birds are singing, and the clouds are parting to let the sun stream through.
But no. This is 2020 and the world is a gloomy place to be. Trump is president, Brexit is still occurring, and hackers are out to get you. Yes, you. “What could they want from me?” I hear you ask. That late-night burger you ordered online, or those shoes you bought online because you just had to have them, both required something hackers are drawn to; your credit card details. And they are obtaining those details, along with other sensitive content such as personal information, through a tactic called “juice jacking”. Don’t let that alliteration fool you. Juice jacking is a real threat and just by using a free public charging spot, a cybercriminal can take complete control of your smartphone and inject malicious code. In as little as one minute (not long enough for your phone to get 1% of charge), a virus can be transferred onto your device which then starts to export sensitive data and passwords directly to the attackers.
But how do they do it? Let me bring some clarity to this confusing and earth-shattering revelation. A computer is concealed within the charging kiosk, or in the cables, that are there for you to naively use. The cables are programmed to automatically pair with smartphones once they have been plugged in which allows the rogue computer to freely access all the data on your device. All your food pics? Yes, the perpetrators can gain access to those. All your group chat banter? Yes, they’re seeing those, too, and maybe even laughing along at your jokes. But you won’t be laughing because they also have access to your bank information. And, if you “trust” the cable you have just plugged into your device, attackers can access your data long after you’ve unplugged your phone.
So, that free charging kiosk you thought would solve all your problems? It might just drain your bank account.