For a reliable and convenient system, it is essential to build a secure system that is protected from outside attacks and keeps its internal data safe from intruders. Juice jacking is a popular and spreading cyber-attack that allows intruders to get inside the system through the web and steal potential data from the system. For peripheral communications, Universal Serial Bus (USB) is the most commonly used standard in 5G generation computer systems. USB is used not only for communication, but also to charge gadgets. However, the transfer of data between devices using USB is prone to various security threats. It is necessary to maintain the confidentiality and sensitivity of data on the bus line to maintain integrity.
1. Introduction
Juice jacking is a well-known cyber-attack used to attack Universal Serial Bus (USB)-enabled devices such as mobiles, tablets, and laptops. It generally utilizes the charging port of a given device; then, whenever someone connects a given device to the system using this port, the hackers obtain all their personal information or may upload some malware onto the device. Therefore, it is necessary to detect and prevent these kinds of attacks.
Business travelers now have access to public USB power charging stations at airports, hotels, and other places to which they travel or stay [1]. In Android OS and iOS, this attack is more appropriate and the smartphone’s display can be exposed through a standard Micro-USB [2,3] connected using the Mobile High-Definition Link (MHL) standard or the iPhone’s Lightning connector.
However, even without the instant injection of malware, leakage to a rogue kiosk might cause a continual security threat [4]. An address book, images, music, and SMS are just a few of the items that may be accessible once the device is associated with a computer. Both data and power transfer can be accomplished using USB connectors [2,5]. A decade ago, as cellphones grew more prevalent, security researchers worked out how to exploit USB connections, which a user might think are used solely to transfer power, to hide and transport secret data payloads [6,7].
Markus, President of Aries Security, and his fellow researchers Joseph Mlodzianowski and Robert Rowley, built the charging kiosk. They made charging stations more attractive with a variety of charging cables. When no device is connected, the charging station displays a blue image with the words “Free cell phone charging kiosk”, and whenever any device is connected, a red warning sign is shown with the message: “Be careful and should not trust public kiosks” [8,9]. The Wall of Sheep is an event held at Defcon, which has allowed public access to juice jacking kiosks every year since 2011. This can raise awareness among the public [8,10]. In addition, juice jacking can be used by hackers to inject malicious code onto the devices and obtain information on those devices.
Regarding device connectivity, the Internet of Things (IoT) has offered the world a higher level of accessibility, integrity, availability, scalability, secrecy, and interoperability. IoTs, on the other hand, are vulnerable to security threats due to a mixture of various attack surfaces and their newness, resulting in a lack of security standardization and criteria. Attackers can use a wide range of cyberattacks on IoTs, depending on which aspect of the system they are targeting and what they expect to achieve from the attack [11]. As a result, a significant amount of research has been dedicated to building secure IoT devices. Recently, Artificial Intelligence (AI)-enabled approaches have been extensively utilized to implement secure IoT devices and networks. Typically, AI models identify anomalous activity, which helps to predict a given attack. In IoTs, cyber-attackers always have an advantage because they only need to uncover one vulnerability, whereas cybersecurity specialists must secure several targets [12]. Recently, various supervised learning models, such as decision trees, linear regression, machine learning, support vector machines, and neural networks, have been employed in IoT cybersecurity applications to predict threats.
2. Types of Juice Jacking
- Data theft: In data theft, cybercriminals steal all information from the device, i.e., devices connected to charging stations through USB ports. As a result, hackers drop an additional payload to steal the information from the connected device [13].
- Malware installation: Malware is loaded on the linked device and remains there until it is recognized and uninstalled by the user. Cybercriminals use malware such as adware, ransomware, and Trojans [14,15].
- Countermeasures: The best approach to avoid juice jacking attacks is to stay away from portable wall chargers and public charging stations [16]. You should keep an external battery or power bank. Random AC outlets have fewer risks than public USB stations. If there is no solution other than using a public charging station, then adapters are available in the device to block data transfer during charging.
Numerous methods are used to prevent juice jacking. These include ensuring devices are charged, avoiding the use of USB chargers, turning off gadgets while not in use, and purchasing charging-only cables. Phone security features and data blocks can also be used. Certain signs and software can indicate that your phone has been hacked; the signs include battery drainage, poor performance, high data usage, and mysterious pop-ups. USB hardware can be divided into three types: programmable microcontrollers, USB peripherals (maliciously reprogrammed peripherals and non-reprogrammed peripherals), and electrical.
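The difference between a charging-only path and a data-capable or reprogrammed peripheral shows up in USB enumeration: a power-only connection presents no descriptors at all, while anything that can exchange data announces one or more interfaces. The Python sketch below is an added example, not code from the paper; it assumes the raw configuration descriptor bytes have already been captured by whatever host inspects the port, and the function names and sample bytes are constructed for illustration.

```python
from typing import List, Optional, Tuple

# USB-IF base class codes (bInterfaceClass) commonly seen on data-capable devices.
DATA_CLASSES = {
    0x02: "CDC communications",
    0x03: "HID (keyboard/mouse)",
    0x06: "still image (PTP)",
    0x08: "mass storage",
    0x0A: "CDC data",
    0xFF: "vendor specific",
}

# Constructed sample: configuration descriptor of a boot-keyboard HID device.
SAMPLE_HID_CONFIG = bytes.fromhex(
    "09022200010100a032"   # CONFIGURATION descriptor, wTotalLength = 34
    "090400000103010100"   # INTERFACE descriptor, bInterfaceClass = 0x03 (HID)
    "092111010001223f00"   # HID class descriptor
    "0705810308000a"       # ENDPOINT descriptor, interrupt IN
)

def interface_classes(config: bytes) -> List[int]:
    """Walk a raw descriptor blob and return every bInterfaceClass found."""
    classes, pos = [], 0
    while pos + 2 <= len(config):
        length, dtype = config[pos], config[pos + 1]
        # Every descriptor starts with bLength, bDescriptorType; reject
        # lengths that would loop forever or run past the buffer.
        if length < 2 or pos + length > len(config):
            raise ValueError(f"malformed descriptor at offset {pos}")
        if dtype == 0x04 and length >= 9:   # INTERFACE descriptor
            classes.append(config[pos + 5])  # bInterfaceClass
        pos += length
    return classes

def assess_charging_port(config: Optional[bytes]) -> Tuple[str, List[str]]:
    """Classify what a 'charger' presented during enumeration.

    None or empty input means nothing enumerated on the data lines,
    which is what a charging-only cable or data blocker should produce.
    """
    if not config:
        return "power-only", []
    found = [DATA_CLASSES.get(c, f"class 0x{c:02x}")
             for c in interface_classes(config)]
    return ("data-capable", found) if found else ("power-only", [])

if __name__ == "__main__":
    print(assess_charging_port(None))
    print(assess_charging_port(SAMPLE_HID_CONFIG))
```

Any interface at all is reported as data-capable, including classes missing from the table, because a connection that is supposed to carry only power has no reason to enumerate.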
3. Features of Juice Jacking Attacks/Malware
The major features of juice jacking attacks/malware attacks are discussed as follows:
- Easy to implement but quite adequate.
- No need to install anything further on phones: the attacker does not require the installation of any additional software.
- No need to ask for permission: the attacker does not need to ask for permission from the user or install any apps on the phone.
- Less user suspicion: the user is less aware of charging attacks than of malware attacks.
- Multi-platform: the attack is possible on Android devices as well as iPhones.
4. Motivation
As juice jacking is a software-based threat, it requires an acknowledgment that the software is fixed on the device and applicable on a limited platform, that is, Android OS and iOS. Therefore, it is better to avoid hardware-based vulnerabilities such as charging attacks by not installing too much software/security on a device. When a device is in charging mode, a juice jacking attack can automatically record the device’s screen and manually extract specific information [17,18]. Since devices such as mobiles, tablets, and notebooks contain confidential and sensitive data, it is necessary to secure these electronic devices against various attacks such as juice jacking. The main objective of this paper is to analyze juice jacking attacks by considering the maximum possible ways through which a system can be affected using USB. In addition, various techniques will be discussed, which can be used either to prevent or to avoid the juice jacking attack.
5. Contributions
Juice jacking is a widespread cyber-attack that allows attackers to hack the given system using USB to steal the system’s data. Thus, owing to security concerns, USB is no longer a simple mechanism used to transfer data or charge devices. The main contributions of this paper are as follows:
- The juice jacking attack is analyzed with the maximum possible ways through which a system can be affected using USB.
- Ten different malware attacks are used for experimental purposes.
- Various machine learning and deep learning models are used to predict the malware attacks.
- Finally, various techniques are also discussed, which can either prevent or avoid juice jacking attacks.
This entry is adapted from the peer-reviewed paper 10.3390/su14020939