November, 5, 2012
First Coast News
Every time Ivan Posada flies for business, he packs his laptop and his smartphone.
"This is my lifeline a lot of times out at airports," Posada explained, smartphone in hand.
Usually, Posada plugs both his phone and his computer in before boarding so that the devices have enough power to last through the flight. That is what hacking experts say "Juice Jackers" are hoping for when they try to steal your information.
"You have no idea what's on the other end of that cord," warned Dr. Layne Wallace, a professor in the School of Computing at the University of North Florida.
Dr. Wallace said "juice jacking" is the process of hacking into someone's smartphone through the USB jack while the user is trying to charge the device. Because phones use USB for both power and data transfer, that leaves them vulnerable.
"Everything in your phone is susceptible to being stolen," said Wallace.
Wallace said the charging stations provided by airports and individual airlines are generally safe, but he urges smart phone owners to look out for fake charging stations. The fraudulent power stations are usually about the size of a shoe box and have power supply cords already attached to them. The fake stations are often left in open, public areas of airports, train stations or large events, said Wallace.
David Johnson, Senior IT Administrator for Jacksonville International Airport, said he is familiar with the threat of the phony power stations, but he assures travelers JIA has never had one. Johnson said airport visitors should use the USB and AC power stations in the middle of the terminal, which are clearly labeled.
"We keep tabs on new trends in the industry and things like that, but it just hasn't been an issue here at JIA," Johnson explained.
More than just data
Dr. Wallace said the threat has expanded to more than just one phone at a time. He said some hackers are now using victims' smartphones to spread malware.
"It goes way beyond just stealing information," said Wallace. "The more dangerous part is putting software onto your phone."
In some instances, once an unsuspecting person plugs into a fake charging station, the computer inside the station uploads a program to the phone. That program then sits, undetected, on the phone until the user shares data with another person. When the two phones share data via a photo or game, the malware is also transferred.
"That's scary," said Dr. Wallace. "That makes us lose sleep at night because once it becomes viral, that means we have a much harder time stopping it."
How to stop "Juice Jacking":
- Carry an extra phone battery with you
- Only use marked airport or airline charging stations
- Turn off your phone when charging it so that no data can be transferred
- Charge your phone using the AC adapter and not just the USB cord
- Do not do any banking on your phone