For those who are asking if juice jacking is possible on iPhone, the straight answer to that is yes. Juice jacking happens at some public charging stations. Such conveniences have actually been infected with malware. Malicious actors are able to use these to steal your data without your knowledge. This quick guide explains what juice jacking is and how you can avoid it on your iPhone.
Public Charging Stations Are Convenient But a Threat to Privacy at the Same Time
With today’s highly mobile society, you may inevitably experience the need to charge your iPhone using a public charging station. There are a lot of these charging kiosks in airports, convenience stores, and other public areas. They are often free to use as part of the establishments’ amenities.
However, since they are freely available and practically anyone can use them, these charging stations have also been the subject of attack by malicious hackers. Yes, you read that correctly, hackers and other malicious actors can attack those charging ports and infect them with malware.
Because of this threat, when you plug in your iPhone, your data and files become vulnerable to being accessed or used without you knowing it. Charging stations with USB ports can not only transmit the electrical charge to your device but technically can also transfer data from your iPhone to the attacker’s computer.
What is Juice Jacking and How Does it Work?
Brian Krebs, a journalist, coined the term “juice jacking” in 2011. While he was conducting a proof of concept attack at DEFCON, he noticed a message that popped up when users charge their devices such as iPhones into some free (and yet compromised) charging docks. The message read:
You should not trust public kiosks with your smartphone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route, and your data is safe. Enjoy the free charge!
That particular message, in a way, explained what the concept of juice jacking and how it works. So, when you connect your iPhone to the compromised charging station, it becomes open for attack. That’s because, as mentioned, USB ports in charging stations can be used for more than just transferring electricity.
These USB ports can transfer data as well. Charging your iPhone in compromised charging stations gives malicious actors ample time to do their tricks. These include stealing files and data from your iPhone, monitoring your keystrokes, and even infecting your device with malware.
Hence, the next time you see a prompt asking you if you should “Trust” the device your iPhone is connected to, think twice about whether you should confirm the prompt. You may not be aware of it, but a malicious actor may already be hacking into your iPhone.
How to Avoid Juice Jacking on Your iPhone
With juice jacking explained, the question now is how can you avoid it? The first and most effective option is certainly not to use public charging stations. But I know that it is unavoidable, especially if you’re on the go and need to use your iPhone that has just run out of battery life. If that’s the case, you should follow some cautionary measures to avoid falling victim to juice jacking.
Quick Tip:
One of the methods we always suggest as a quicker alternative to protect your iPhone against juice jacking and of course, other potential cyber attacks is a trustworthy app like ExpressVPN. It monitors your device in real-time and intercepts data theft, malware installation, and disabling attacks, so your data can always be safe.
Enable iPhone Security Features
In case you’re not aware, mobile devices such as the iPhone are equipped with some technical protections against security threats such as juice jacking. So, you must enable these security features. For instance, when you connect a charging cable to your iPhone, your device automatically disables its ability to transfer data. Thankfully, by default, this is enabled on all iPhones.
Also, don’t forget to lock your device when charging. This will help prevent it from syncing or transferring data to another device.
If you connect your iPhone to a charging station and you receive a message asking you to “Trust” this device, don’t confirm it. Remember that you just connected your device to a power outlet, not to another device. So there’s no reason to trust the said device.
Charge Your iPhone Using a Wall Outlet or Power Banks
It may be an additional cost, but getting a USB battery, more popularly known as a power bank, can save you the hassle of getting attacked by malicious actors through juice jacking. If you don’t want to spend on a power bank, an extra charger along with your charging cable is an alternative. You can then use that cable to charge your iPhone using a wall outlet instead.
Use Charge-Only USB Cable When Charging Your iPhone
Another option if you can’t avoid charging your iPhone in public charging stations is to use a charge-only USB cable. This kind of cable only has the charging pin enabled, while the pins for transferring data are not present or disabled. Using such a cable when charging your iPhone in public stations will prevent malicious actors from juice jacking your device.
Final Words
Juice jacking can pose a serious threat to your personal information, so you must be cautious when using public charging stations. Depending on where you are located and whether it is popular, using a power bank is a good way of extending your iPhone’s battery life.
Thankfully, due to the mass availability of power banks on the market, prices have gone down as compared to their expense in the past. So, you can grab yourself one or two of these power banks without breaking the bank.
I would think that if the charging point has both full 120/220V 60/50Hz AC power as well as USB, the safe bet is to just use your regular charger plugged into the AC line. Because of the way switch-mode power supplies work, the AC gets rectified into DC. Any signal riding on the AC line would stop at the rectifier. Then the DC gets inverted through a power oscillator which changes it back to an AC current at a very high frequency (compared to the line frequency) – often at hundreds of kiloHertz (kHz). The inverted AC is then used to drive the primary winding of a high-frequency transformer. This is then rectified into DC and fed into the load. [1]
All of this serves to filter out any signal that might be riding on the AC at the first rectifier. Also, if well-designed, it’s very hard for any signal to get back from the device into the power line. (And Apple’s power adapters are nothing if not well-designed.)
TL;DR: Use an actual line-level AC outlet plus your device’s power adapter rather than any USB port provided at one of those charge points.
[1] Summarised from https://en.wikipedia.org/wiki/Switched-mode_power_supply
Yes, that’s absolutely the safest bet. However, many people have stopped carrying those “wall warts,” and many public charging points don’t even offer an AC outlet anymore. You have to hunt for one.
“Use Charge-Only USB Cable When Charging Your iPhone
Another option if you can’t avoid charging your iPhone in public charging stations is to use a charge-only USB cable. This kind of cable only has the charging pin enabled, while the pins for transferring data are not present or disabled. ”
I’m no expert on USB – far from it. However I have seen a number of other connections where data is passed over the power supply line and wonder if this is also possible with USB ?
I guess that a charge-only cable or adapter might also have a capacitor to nix these nefarious signals.
“One of the methods we always suggest as a quicker alternative to protecting your iPhone against juice jacking and of course, other potential cyber attacks is a trustworthy app like NordVPN.”
Does NordVPN actually protect against juicejacking ? I can accept that it protects against a number of network-based threats, but also against juicejacking ? I would be surprised but am prepared to accept definitive statements to the contrary.
Anyone ??
Arnold:
Great discussion and walk through. Yours truly always carries a power bank for just that reason – far cheaper than trying to fix compromised data.
@vpndev:
I don’t use NordVPN, so cannot address that particular product. Microsoft 365 offers a VPN in their bundle call Defender that actively scours the internet for your data (you can key enable credit card, SSI, passports, etc) in places where they should be, as well as your device and alerts you in real time to threats, provide you with guidance on next steps, as well as will actively sequester suspicious files into a secure folder and automatically delete after 90 days, and will cover all of your devices. Defender comes with the package, and is extended across macOS, ipadOS and iOS devices.
Most companies will tout their services for competitive advantage. If a company does not specify a service you desire, I would not assume that they provide it.
Where can I buy a charge only cable?
I found a couple of USB-A to USB-C charge-only cables on Amazon by searching for charge-only USB cable. I’ve yet to find one for Lightning, though. I did, however, find this accessory that you plug your Lightning cable into and it blocks the data.