Over the years, there have been a few initiatives that attempt to bring awareness to the idea that public USB charging ports are a disaster waiting to happen. In theory, these public charging ports could be compromised and be used to access data from your phone when you’re only trying to charge your phone, a process referred to as “juice jacking”.
And of course, some companies have tried to turn that into profit by selling “anti-hacker” USB cables. We even covered one such cable a few years ago with the OSOM Privacy Cable — a company that, perhaps unsurprisingly, has since shut down.
But the truth is, all of these cables are worthless. It’s not that they don’t function, bu…
Over the years, there have been a few initiatives that attempt to bring awareness to the idea that public USB charging ports are a disaster waiting to happen. In theory, these public charging ports could be compromised and be used to access data from your phone when you’re only trying to charge your phone, a process referred to as “juice jacking”.
And of course, some companies have tried to turn that into profit by selling “anti-hacker” USB cables. We even covered one such cable a few years ago with the OSOM Privacy Cable — a company that, perhaps unsurprisingly, has since shut down.
But the truth is, all of these cables are worthless. It’s not that they don’t function, but you just don’t need them. The solution to keeping your phone safe is free and built into your phone.
What do these cables do?
Offer a charging-only mode
The big selling point with products like the OSOM Privacy Cable and others of the same kind you may have seen is that they have a killswitch that completely turns off the data pins on the connectors, making it possible for any data to be sent through the cable.
On paper, it’s a smart idea, since it instantly prevents any data from being transferred unless you’re connected to a device you trust.
That seemingly sound logic is a trap for those who don’t know any better, though. These “anti-hacker” cables are often priced quite a bit higher than their standard counterparts. And it’s not like it doesn’t do what’s advertised; it is possible to turn off the data pins on a cable to prevent data from being sent through it. The problem is that doing this really doesn’t achieve much of anything.
Juice jacking is only a proof of concept
No proof of real attacks yet
It’s true that, for a while now, some researchers have tried to prove juice jacking is a real threat, and demonstrated it as such in lab environments and special testing conditions. In theory, juice jacking is possible and could be a threat.
On the whole, though, security researchers still consider this kind of attack to be a low level of risk, and that’s because there haven’t been any verifiable claims of it occurring in any real-life situation. In fact, an old information page by the Federal Communications Commission says it has no record of any real attacks using juice jacking, and other reports have arrived at similar conclusions.
Of course, in theory, a USB charging port could be used for data transfers, and it would be relatively easy for such a USB port to be placed in public and prey on unsuspecting users wanting to charge their phone. But there’s a big catch there.
Just say no
The hackers legally can’t steal your data
Here’s the thing: by default, your phone never exchanges data over USB unless you tell it to. If you plug in a cable with data transfer capabilities, your phone will simply ask what mode you want to use for the USB connection. The phone always defaults to just charging, so the cable can’t be used to take any data from your phone without your consent.
All you really need to do is be mindful if you plug into a charger and you see a pop-up asking you what to do. Unless you trust the port you’re connecting to, you should always stick with just charging. That’s all the protection you really need if you don’t want your data stolen. If you’re someone who tinkers with your phone, you may also want to disable USB debugging before plugging into an unknown port. You still need to give permission to devices connecting for USB debugging, but you don’t want to accidentally accept it, so that’s one way to prevent problems.
As an alternative, you can carry a power bank with you, and charge that using those public ports when you need them. That way, there’s no data to be stolen and no way for an attack to target your phone.
If you’re thinking of plugging in a laptop, that’s even less likely to be a problem. Most of these public ports still use USB Type-A connectors, which can’t charge laptops to begin with. If you do find a USB Type-C port out in public, it’s likely it still wouldn’t deliver the kind of power a laptop needs to actually charge, since power supplies that powerful tend to be somewhat costly. You’re always better off carrying your own laptop charger, and you likely won’t be as desperate to use one as you would be with your phone.
Don’t waste your money
Privacy and security concerns are more prominent than ever, and it seems like there’s a new threat every day that could put your safety at risk, so it’s understandable to be conscious of the potential dangers lurking in unsuspecting places. However, “juice jacking” has, so far, mostly boiled down to a fear-mongering strategy in an attempt to drive sales of overpriced USB cables that ultimately serve no purpose.
If you’re worried about someone hacking into your phone, there are many other ways you should be careful. When you’re at those same public places, avoid using public, unencrypted Wi-Fi networks to sign into websites with sensitive data, and for nearby connectivity, make sure your device is only discoverable to people you trust. And when you do plug into a USB charger in public, ensure you’re only using the charging mode, and don’t allow any data transfer modes to be enabled. That’s all you really need to stay safe.