Imagine this: you’re at an airport, and your phone’s battery is low. You spot a public charging kiosk—perfect, right? Well, not really. Welcome to the world of juice jacking. It’s like pickpocketing in the digital age, which happens while your phone is charging at public stations.

Juice jacking is mostly bad news for people who are always on the move, like travelers or those who do business on the go. Thus, this threat is on the radar of business cybersecurity risks.

While there isn’t much data on juice jacking or recorded events that serve as a precedent, this type of attack is a potential sleeper. Interestingly, earlier in 2023, the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) raised awareness about juice jacking, implying that such cases have appeared.

In this article, we’re diving into the not-so-sweet details of juice jacking. We’ll uncover what it is, how the bad actors pull it off, and how you can dodge this sneaky cyber trick. Ready? Let’s jump right in.

What is juice jacking?

Juice jacking is like a stealthy attack on a phone, tablet, or laptop. It happens when someone plugs a device into a public charging station, and sneaky software slips into it. The goal is to steal information or infect your device with malware.

Which devices are the usual targets? Phones and tablets are the top picks, but really, it’s anything that charges up through a USB port. Think about your devices—smartphones, laptops, and even some e-readers. If it charges using USB, it could be at risk.

Where is this attack most likely to happen? Airports, malls, hotels, gyms, libraries—places with public charging spots that seem helpful when your battery’s running low. Attackers know that when a battery’s dying, people don’t think about security—they just want that charge. And that’s when the attackers make their move.

The mechanics of juice jacking

Imagine the charging cable as a two-way street. Typically, we think it’s just there to send power to your device, but it can also transfer data.

But here’s the sneaky part—criminals rig the public charging stations with a so-called “skimming device”—think of it like a hidden microphone, but for data. It’s tucked away inside the USB port, out of sight, waiting to snatch the data. When someone plugs in their device, this skimmer gets busy, extracting information from it or dropping off malware like an invisible spy.

How juice jacking works

Let’s dive deeper. Juice jacking is all about two things: stealing your business data and leaving behind nasty surprises in the form of malware.

Data theft

While a device is charging in a public station, the hidden skimming device gets to work. It discreetly sifts through the device, hunting for valuable information. We’re talking emails, contacts, and even confidential business files—the juicy details that you definitely don’t want in the wrong hands. So, while you’re waiting for a battery boost, someone could also be shopping online with your credit card.

Malware installation

Having a device connected and charging, the skimmer plays the role of a malicious invader, planting unwanted malware into your device.

Malware can have many harmful effects, like discreetly spying on your business activities, interfering with your device’s operation, or even locking you out of your own files. It’s like leaving a device with a bug that keeps causing trouble long after you’ve unplugged from the charging station.

Why endpoint security matters

Endpoint security is important in the grand scheme of a business’s digital safety net. It’s like having well-trained guards at every door and window of your office in the digital dimension.

• A study by the Ponemon Institute reveals that 68% of organizations faced one or more endpoint attacks, leading to compromised data and/or IT infrastructure.

• According to an IBM publication, 79% of business travelers unknowingly risk exposure to attacks by using public USB ports or charging stations.

• A 2021 global Statista survey on endpoint security visibility revealed that 73% of participants considered isolating the endpoint from the network to be crucial for effectively responding to an endpoint attack. Meanwhile, 38% believed that locking user accounts and revoking credentials were vital actions in responding to such attacks.

In essence, endpoint security is not just a part of the defense; it’s a core element. It helps cement the walls of your business’s cyber fortress, ensuring that data remains protected and business operations flow smoothly without disruptions from sneaky, malicious invaders.

Preventing juice jacking

First, knowing if you’ve fallen victim to juice jacking is tricky. The device might act weird, like slower performance or unexpected pop-ups—signs that your device has been compromised if:

• The device consumes more battery life than usual

• It operates at a slower speed

• Takes longer to load

• Crashes frequently due to abnormal data usage

If you spot unfamiliar apps or your battery drains faster than usual, those could be red flags, too.

Best practices

Protecting your device starts with some simple habits. Keep a personal charger handy—your own charger is always the safest option. Public USB charging stations? Maybe skip those if you can. They’re like candy stores for cybercriminals.

To avoid being juice jacked, follow these tips for protecting your device:

• Steer clear of public USB charging stations

• Refuse requests for data transfer

• Opt for two-factor authentication or biometric login options when possible

• Bring along a personal portable charger or battery pack with you

• Use electrical outlets with your personal charging cable and wall charger

Technological solutions

Technology can be your ally here. Consider using USB data blockers—they let you charge without the risk of data transfer. And keep your device’s software updated; it’s like giving the device some armor against malware.

Awareness and training

Knowledge is power. The more people know about these sneaky attacks, the better. Organizations should consider conducting training sessions—they’ll make their defense game stronger. And stay updated—new tricks pop up, and keeping in the loop helps stay one step ahead.

Juice jacking and corporate security

For businesses, juice jacking is a real headache. It’s not just about one device—it could jeopardize the whole company’s data. Especially for traveling employees, staying cautious is key. A simple charge at a public station could turn into a costly data disaster.

Further readings to grow your cyber awareness

• Most common types of cyberattacks in 2023: learn about the latest cyber-attacks and arm yourself with crucial knowledge to strengthen your defenses.

• Top 5 cyber-attacks of 2022: explore the top 5 most fascinating attacks of 2022 to understand the mistakes made and how to avoid such threats in your organization.

• Quiz for Cybersecurity Awareness Month: discover how cyber-savvy you are and learn ways to enhance your online defenses.

• Creating a culture of cybersecurity in the workplace: learn how fostering a cybersecurity-aware culture can help reduce the risk of cyber-attacks and other security threats.

FAQ

What types of business data are most vulnerable during juice jacking?

Any data stored on your device can be at risk. This includes emails, contacts, customer information, and sensitive business documents. Basically, anything you wouldn’t want to fall into the wrong hands.

How can businesses prevent their employees from becoming victims of juice jacking?

Education is key. Make sure employees are aware of the risks associated with using public USB charging stations. Encourage the use of personal chargers and provide USB data blockers as a protective measure.

Are certain types of public charging stations riskier than others?

It’s hard to pinpoint which public charging stations are riskier, as any station could be compromised. However, stations in less secure or highly populated areas may present a higher risk.

What immediate steps should be taken if an employee suspects their device has been juice jacked?

If there is suspicion, immediately stop using the device and disconnect it from networks to prevent potential data transmission. Conduct a thorough security scan, remove unfamiliar apps, and change passwords as a precautionary step.

How can a business assess the security of a public charging station?

It’s challenging to assess the security of a public charging station on the spot. Instead, focus on equipping employees with tools and knowledge to avoid risks, such as carrying personal chargers or using USB data blockers.

Should businesses avoid the use of public charging stations altogether?

While it’s not always feasible to avoid public charging stations entirely, minimizing their use and applying protective measures, like using USB data blockers, can help mitigate risks.

Can updated or newer devices still be susceptible to juice jacking?

Yes, even the latest devices can fall victim to juice jacking. Keeping devices updated and using security tools can help protect them, but awareness and caution are crucial.

Is the modern cybercriminal a solitary figure acting as a lone wolf? Or are they more often part of a sophisticated, white-collar pack? We discuss this with Mark T. Hofman, a well-known crime and intelligence analyst. Together, we explore the mechanics and motivations behind cybercrime. Spoiler alert: it’s not just about money. 

In our talk, we examine the tactics of cybercriminals. How they exploit human behavior, not just system vulnerabilities, to target victims. We shed light on why people click on suspicious links.  We also reveal organizations’ weakest links. Finally, we discuss what it means that cyber-attacks fail at the coffee machine.

Dive into the interview and learn how to build a strong human firewall in your business.

The interview’s highlights

• Cybercriminals don’t fit the stereotypes shown in movies. They operate within structured, business-like entities that use advanced tactics like ransomware-as-a-service.

• Cyber attackers often seek thrills, not just money. The excitement of outsmarting the system often motivates them more than financial gains.

• Cybercrime targets human error more than system flaws. It often exploits moments of inattention or bad luck. And has nothing to do with a victim’s intelligence.

• Cyber awareness across all levels of staff is key for organizational security. Anyone, even IT admins, can become the weakest link in a cyber-attack.

• Fostering a company culture of cybersecurity is key for digital safety. Just like looking both ways before crossing the street, taking precautions is a must.

Key insight #1: cybercriminals are smart individuals operating in company-like structures.

NordLayer: You often say in your keynote speeches that the idea of a lone cybercriminal is inaccurate. What is the reality?

Mark T. Hofman: Cybercriminals are often presented as 15-year-old teenagers with black hoodies sitting in a dark room. That’s a Hollywood myth.

The number one threat for many companies is ransomware and crime-as-a-service operations. The individuals behind these are not just kids. They’re sophisticated and work within organized, business-like setups on the economy’s dark side. These criminal organizations function like companies. They have customer support, quality management, recruitment, and specialists who negotiate ransoms.

For example, look at DarkSide, a group that attacked the Colonial Pipeline networks. Like many other cyber gangs, it is set up like a business with affiliates. They even issued a press release discussing their “ethics” and preferred targets.

NordLayer: Can you tell us more about how these ransomware-as-a-service structures work?

Mark T. Hofman: Everything starts with a ransomware creator, like DarkSide. They make ransomware that locks and encrypts data once it gets into a victim’s computer.

What’s interesting is that DarkSide doesn’t interact with the victims. Instead, they operate through a network of affiliates responsible for infiltrating computer systems. These affiliates use DarkSide’s ransomware and subscribe to their malicious software.

The fees for using this service vary based on how much ransom is taken from the victim. This shows the sophistication and organization level within modern cybercrime enterprises.

Key insight #2: cybercriminals love the challenge of beating the system more than money

NordLayer: You’ve talked to quite a few cybercriminals. What really drives them?

Mark T. Hofman: When I talk with threat actors on the darknet, X, 4chan, various forums, and Telegram groups, I try to figure out as much as possible about their psychology and methods. In my keynote talks, I share this knowledge to help companies and government agencies understand how to protect themselves.

Here’s the scoop: many people believe they are only after money. Sure, that’s part of it. But for many, it’s not just about money. It’s more about the psychological trait of thrill-seeking or the challenge to beat the system. Many cybersecurity experts might disagree with this argument. But, if you already have millions of dollars in Bitcoin in your wallet and you still commit crimes, then your motive is not money but greed.

For example, cybercriminals often target government institutions, not because of financial gains but simply because they can. It’s a game of cat and mouse. Or a game of chess that always gives you a challenge.

Another thing is that most cybercriminals start young, around 10 to 15 years old. They play with technology, take things apart, and try to find bugs or hacks in computer games. Here, it’s a mix of boredom and thrill-seeking behavior. For many, school is boring, and there are more interesting hacks to learn on platforms like Reddit. YouTube is usually their entry point before going into the dark net. For many 11-year-olds, cybercrime is a way to gain recognition and respect.

In contrast, young soccer talents get support at school and the opportunity to join a soccer team. What support is there for coding talents? Mostly nothing. If we want to prevent cybercrime in the long term, we should give 11-year-olds a chance to use their skills for good purposes. Otherwise, they may learn the wrong things on the darknet and end up on the wrong side of the law.

Key insight #3: cybercrime exploits human psychology rather than system vulnerabilities.

NordLayer: In one of your YouTube videos, you said that cybercrime is not about technology but psychology. Why is that?

Mark T. Hofman: Over 90% of cyberattacks happen because of simple mistakes people make. And it’s clearly a psychological problem, not a technical one.

It’s people clicking on suspicious links, opening email attachments, plugging in USB flash drives they found in the parking lot, connecting to public Wi-Fi networks, having loud phone calls about sensitive topics at airport lounges, revealing their OTP (one-time password) on the phone, and falling for deception like honeytraps or well-made deep fakes. In short, cybercrime often uses human error—this is where psychology comes into play. And yet, this psychological aspect of cybercrime is often underestimated.

NordLayer: “I’m smart, I will never click on a suspicious link,” many people say. Yet, they do click and get attacked. How does that happen?

Mark T. Hofman: It has nothing to do with their IQ. It’s more about whether you’re paying attention at that moment or just having a run of bad luck.

For instance, if you get a phishing email about a recent Amazon purchase you didn’t make, you might say, “Who would be so stupid to click on this?” But, if you did make an Amazon purchase 20 minutes ago and now you get an email claiming there’s a problem with your order, you’re much more likely to click, and it has nothing to do with your intelligence. Everyone can fall victim to a cyber-attack. 

NordLayer: How do cybercriminals analyze our weakest points?

Mark T. Hofman: Most of the time, they don’t. For example, in many cases, phishing emails are not specifically targeted. They are sent out to thousands of users, hoping that someone will click on a suspicious link and take the bait.

I get phishing attempts from banks where I don’t even have an account. It just shows cybercriminals shoot in the dark. But when they target someone, like in spear phishing, open-source intelligence (OSINT), and on social media, they smartly use the information about you that’s available online.

Say an IT admin lists an XY software skill on their LinkedIn profile. They get an email saying, “Critical security update for software XY,” and even a tech-savvy IT guy might click. It shows everyone can fall victim to this type of attack.

NordLayer: How do you conduct cyber profiling? Is it similar to offline crimes?

Mark T. Hofman: Yes and no. In everything we do, we show something about who we are. Our behavior leaves personality traces. The same principle applies to cyberspace, where there are no physical traces but digital ones.

Cybercriminals decide when and how to attack, who to target, and what language to use in their threatening emails, ransom chats, or phone calls. They also leave a trail of their personality. And disclose their intentions or identity, which can be analyzed to learn more about them.

For example, the FBI uses a checklist to judge how serious a threatening letter is. Today, these letters aren’t letters anymore. They are social media posts, tweets, or emails, but their content can be analyzed in a similar way. So, some profiling methods used in the real world can also be applied in cyberspace.

Key insight #4: to create a robust human firewall, everybody in an organization must be aware of security.

NordLayer: Who is more at risk for online scams and cyber-attacks? IT professionals, who know the ropes or remote workers?

Mark T. Hofman: It’s a common misconception that IT professionals are immune to cyber threats because of their expertise. In fact, the risk isn’t about knowledge alone—it’s about context.

Many cyberattacks fail at the coffee machine. What do I mean by that? For example, identity theft scams like CEO fraud exploit a lack of face-to-face talk. If I meet my boss at the coffee machine and ask them about a bank transfer, and they respond with, “What bank transfer? I didn’t send you any email,” the attack fails.

Working from home increases the risk of cyber threats, as people might fall for online scams that prey on individual mistakes and the absence of a ‘coffee machine’ moment of verification.

NordLayer: What are the most successful social engineering techniques that attackers use?

Mark T. Hofman: Attackers often combine three elements, which I call the dark triad of cybercrime: time pressure, emotion, and an exception. Be cautious if someone calls you, triggers emotions, creates time pressure, and asks you to do something unusual.

Deepfake technology has advanced to the point where someone can replicate your voice with just a half-minute of audio. I could clone your voice and make you say anything in any language. Imagine your partner calls you and says, “Honey, I’m in trouble, you need to send me money.” It’s a combination of time pressure, emotion, and an unusual request, all classic signs of a scam. So, be careful when you get an urgent request for money, even if it appears to come from someone you trust.

NordLayer: Now, let’s discuss a cyber attack’s “butterfly effect.” How do small steps in an attack, such as a minor vulnerability, cause major problems across a system?

Mark T. Hofman: We need both technical security and a human firewall. Do you have a well-trained CISO or IT department? What do your interns or executive assistants know about cybersecurity? How security-aware are your C-level executives or your receptionist? Every chain is as strong as its weakest link, so we must reach out to everyone. My motto is “Make cybersecurity great again.” It’s because the main target group is people who are not interested in cybersecurity. They represent the weakest link. We must also make them security-aware.

Key insight #5: staying safe online is like looking both ways before you cross the street.

NordLayer: What can we do to become the human firewall?

Mark T. Hofman: I would be happy if people paid attention to the basics of cybersecurity. This includes using long and different passwords and enabling multi-factor authentication. Equally important are protective measures like firewalls, antivirus software, and VPNs at work and home.

We need physical and psychological awareness. This means being wary of third-party USB sticks, suspicious links, or email attachments and always keeping your software updated. Also, never leave your laptop or cell phone unlocked. Avoid buying USB sticks from online shops. And stay alert when emotions are triggered or something seems out of place.

When every employee understands that cybersecurity is a personal responsibility, not just the job of the IT, that’s what I call the human firewall.

NordLayer: Can education reduce human errors in the future? And how can AI help us make fewer mistakes?

Mark T. Hofman: Discussions on cybercriminals’ forums focus on AI’s risks and benefits. They see its opportunities but also worry that their crimes might get harder if businesses and law enforcement agencies understand the full potential of AI. I think the threat actors’ concern is good news for us.

Of course, cybercriminals also exploit AI technologies, such as deep fakes, and specialized versions of Chat GPT tailored for attacks, such as  WormGPT. I discuss the dark side of AI a lot in my talks. And AI also offers opportunities for defense and cyber profiling.

Basically, AI is like a knife. You can use it to make a salad or kill your wife. It’s a tool that can be used to create good and bad outcomes and will be used on both sides.

NordLayer: How can we engage and educate those not very knowledgeable about cybersecurity, including C-level executives?

Mark T. Hofman: At many cybersecurity conferences worldwide, I meet cybersecurity experts discussing cybersecurity topics with other cybersecurity experts. That’s great. But in the end, it’s interns, regular employees, or C-level executives who often open email attachments or click on suspicious links.

Cybersecurity must be entertaining and relatable to make people aware of threats. I always say, „Make it about people, not just about business.“. If you include “Three ways child predators can exploit your child in World of Warcraft” in your cyber-awareness training, guess what? Suddenly, mothers will care more about cybersecurity.

I also address private life and the so-called “grandchild trick.” Brief seniors in your family to be cautious when they get a WhatsApp message telling them, „Hi mom, I have a new number. “ Make cybersecurity matter to everyone.

Thank you.

Mark T. Hofmann, a crime and intelligence analyst and business psychologist, specializes in behavioral and cyber profiling. Featured on CNN, CBS, and 60 Minutes Australia and publications such as Forbes, Mark T. Hofman is also a popular keynote speaker, discussing the psychology of cybercrime and the dark side of AI.

How NordLayer can help

No matter if your team is in-office, hybrid, or fully remote, it’s vital to enhance your security and make your employees aware of it. Contact the NordLayer team for a customized solution for secure network access for your organization.