Reset

Avoid Juice Jacking, Malware Cyberattack, During the Holiday Season

December 9, 2019

Hikvision Cybersecurity Director Pens Security Tips to Prevent Concerns with Juice-Jacking

Officials are warning people against plugging mobile devices into public USB charging stations while traveling or shopping during the holidays due to a cyberattack called juice-jacking that involves malware, according to an article in SecurityInfoWatch.com.

Public USB charging stations at malls or airports should be avoided. Instead, you should bring your own cord and plug it directly into an electrical outlet. This will help people avoid becoming a victim of juice jacking, a serious security concern for smartphones, tablets and computers. Within a minute, “a virus can be transferred to unsuspecting users’ devices. Then, the virus begins exporting sensitive data and passwords directly to the scammers,” according to the article.

The article explains the way the malware scam works: “A computer is concealed within the charging kiosk or on cables left plugged in that are programmed to automatically pair with smartphones when they are plugged in. The rogue computer can then freely access all the information stored on electronic devices, from passwords to emails, to address books to photos to text messages. It can even do a full backup of your phone, all of which can be accessed wirelessly by the crooks.”

For more tips to prevent juice-jacking, read this Hikvision blog: “Hikvision Cybersecurity Director Presents Pro Tips to Reduce Security Concerns Related to Juice-Jacking: Trading Your Data for Power.” Our cybersecurity director, Chuck Davis, offered these pro tips in the article:

  1. Travel with your own USB power adapter, preferably the one that came with your mobile device. This will ensure that only power is going to your mobile device.
     
  2. Buy a USB data blocker. This device protects against untrusted USB ports because it only allows power to pass through to the mobile device. Are you skeptical? Good! Try it out between your phone and laptop. You'll see that nothing pops up to offer a backup of your phone’s data. There are a number of companies online that sell inexpensive data blockers.
     
  3. Buy a data blocking cable. Again, these are inexpensive and can be found online. With so many people backing up mobile devices to the cloud, you may not even need a normal cable that allows data transfer anymore.
     
  4. Another safe option for charging more modern mobile devices is to use a wireless charging pad since these only provide power to your device.
     
  5. Don't use untrusted cables. While this example doesn't infect or steal data from a mobile device, here is a video of Kevin Mitnick demonstrating a malicious cable that can install malware on your computer when you use it to charge your phone.

For more tips about cybersecurity, check out Hikvision’s extensive catalog of cybersecurity blogs at this link. For additional insights, visit our online Cybersecurity Center for best practices, tips to change passwords, security notices and firmware updates.  

IMPORTANT! This model requires non-standard firmware. Do Not Install standard firmware (e.g. v.4.1.xx) on this model. Doing so will permanently damage your system. You must use custom firmware v.4.1.25 from the iDS-9632NXI-I8/16S product page.

By downloading and using software and other materials available via this website, you agree to be legally bound by HIKVISION General Terms of Use . If you don’t agree to these terms, you may not download or use any of those materials.

If you are agreeing on behalf of your company, you represent and warrant that you have legal authority to bind your company to the General Terms of Use above. Also you represent and warrant that you are of the legal age of majority in the jurisdiction in which you reside (at least 18 years of age in many countries).