DEFINITION: The illegal hacking of a mobile device while attached to a USB port.
Identified by Black Hat in 2013 as the #1 threat for identity theft and malware for mobile device users.
REAL LIFE EXAMPLES:
- Wirelurker – a Trojan horse that affected 100’s of thousands of Apple iOS devices. The Trojan was installed when users downloaded a popular gaming app from a Chinese third party app supplier and was loaded onto personal computers. The malware then spread to people’s Apple mobile devices. Personal information was collected and the stolen data was sent wirelessly to an untrackable server. Apple addressed the vulnerability quickly, but not before vast amounts of personal information were exploited.
- MACTANS – This Black Hat demonstration at the 2013 annual conference proved the Juice-Jacking vulnerability. An audience of thousands of cybersecurity geeks watched in amazement and fear as Billy Lau, a research scientist from the Georgia Institute of Technology, showed Juice-Jack malware take screen shots when passwords were being entered. This demonstration was simply intended to for awareness and also may have had unintended consequences as bad guys discovered just how easy it is to exploit USB charging and Juice-Jack unsuspecting victims.
- NSA – According to whistleblower Edward Snowden, the NSA uses Juice-Jacking capabilities in its “catalog of exploits”. We all hope this is used with discretion and primarily targeted towards real threats to national security. But, if the US government is using it, you can bet others are as well. Be especially careful when traveling internationally.