What is Juicejacking exactly?
Simply put, Juicejacking exploits a security vulnerability. It is the most innovative and advanced method of hacking mobile devices. This security vulnerability arises as soon as a mobile device, e.g., a smartphone, is supplied with power via a USB port and is connected to a third-party device, or is connected to a third-party device via USB. Examples of third-party devices are charging stations or points in publicly accessible places, e.g., in cafés, exhibition halls, shopping malls, hotels, airports, or train stations.
Comparable to manipulated ATMs, which have an attachment to store pin codes, charging stations can also be manipulated. This is referred to as compromised USB charging points. The computer inside the charging station may be infected with malicious programs to either pull (= copy) data from the device, or also to smuggle malware onto the connected device. Depending on the amount of data and the duration of the unprotected connection, the content of the entire mobile device can be copied and passed into unauthorized hands.
Malicious or malware infections can consist, for example, of malicious code, Trojans, spyware or keyloggers, which, among other things, can also enable complete control over the attacked system. Another form of USB port hacking is that the malicious code installed on the victim’s single device is programmed to harm all future USB charging points / ports it comes into contact with. This allows the hacker to penetrate multiple systems.
Stealing data is the real juicejacking. Both criminal operations – infecting with malware as well as copying other people’s data – are usually not detected at all or too late, and the doors are opened for further criminal actions (e.g. blackmailing the victim, online purchases in the victim’s name and at the victim’s expense, etc.).