Juice Jacking Explained: Understand & Prevent Phone Malware

What is juice jacking? The FBI Denver division warned citizens via X (formerly Twitter) to be aware of free public phone charging stations in airports, hotels, or shopping centers. They warned of "bad actors" who manipulate public USB charging stations to "introduce malware and monitoring software onto devices."

Though this threat seems to come out of the blue for many, it's actually been a concern for years. It's called juice jacking, and for users who travel often or frequently encounter public USB charging stations, it's something to be conscious of. In this article, learn what juice jacking is, how it works, how to avoid it, and how to tell if it's safe to use public charging stations.

What is juice jacking?

An image warning against juice jacking attacks

Juice jacking is a malicious cybersecurity exploit that uses phone charging stations, specifically USB charging stations, to transfer malware to connected devices. Unbeknownst to the user, the charging station they hook their phone into is infected with malware or other malicious hardware. Once they connect their phone, the device becomes vulnerable and is at risk for data loss, malware installation, and more.

The term "juice jacking" is catchy, but where does it come from? It stems from the colloquial association of electricity as "juice" - thus, charging a device is giving it juice - and a shortened version of the word "hijacking." Hackers take advantage of users trying to charge their devices and hijack the device for their own personal purposes. Therefore, they commit juice jacking.

How juice jacking works

Juice jacking works by leveraging the USB cord required to connect a device to the public charging station. In juice jacking attacks, bad actors infect the USB cord with skimming devices or other malware designed to silently enable data transfer mode on your device.

USBs serve multiple functions, including both data transfer and charging. However, users usually have the ability to choose what capabilities they want to enable when using a USB cord to charge their phone. With infected USB cords, the hackers can silently enable other capabilities that allow them to infect your device with malware, steal your information, or destroy your data. Users don't realize that anything has happened until it's too late.

Risks of juice jacking

Malware attacks are, unfortunately, far from uncommon. However, USB-based malware attacks increased 52% in 2022. Juice jacking and attacks like it are on their way to becoming legitimate and present threats. Juice jacking in particular presents four general risks to the user and their device: data theft, data loss, malware installation, and loss of access.

A man risks juice jacking as he uses a public phone charging port
  • Data theft: Most juice jacking attacks intend to steal data from users. In these attacks, users can lose access to crucial private information, like banking account information.
  • Data loss: Some malware simply clears out important data on your phone. You could lose access to important files, accounts, images, or more.
  • Malware installation: There's no telling what kind of malware a bad actor could install onto a device. From monitoring software like keyloggers to destructive covert software like Trojan horses, most USB attacks involve malware installation.
  • Loss of access: Some types of malware lock you out of your device, essentially giving control to the hacker. Hackers can also use your device in a botnet attack if properly infected, meaning they use your device for malicious purposes without your knowledge or consent.

How to tell if it's safe to use a public charging port

Unfortunately, there's no definitive way to tell if it's safe to use a public charging port. Malicious USB chargers look the same as secure ones, and plugging a device into a port can't check whether or not it's secure.

However, it's helpful to think like a hacker when considering if a public charging station is safe. Is the station in a high-traffic area? Would it attract a lot of people throughout the course of the day who need to charge their phones? If the charging station seems like it would make a good target for a bad actor, it probably is one.

Alternatives to public charging ports

If you're wondering how to avoid juice jacking, start at the source: try alternative charging methods for when you're out and about and find that your phone battery is getting low. Consider trying one of the following instead of a public charging port.

Use a portable battery pack

Portable battery packs are an excellent choice for travelers. Charge them before leaving, and once you're out, just plug your devices into the power bank. No wall outlet or charging station is needed. They're more convenient than public USB charging ports; you won't need to vie for an open plug.

Bring a battery phone case or charging case

Smartphone battery cases are an even more convenient alternative if you need a few extra hours of charge. These cases come with a built-in battery pack, meaning you won't have to carry around any additional equipment or chargers. Some charge wirelessly and some line up with a phone's USB port to deliver power, but all are multifunctional as protective cases and on-the-go chargers.

Try wireless chargers

Though wireless chargers still plug into a wall outlet or power source, they don't rely on a USB connection to charge. Instead, simply dock your phone or place it on the wireless charging plate to refresh your device's battery. If you're concerned about malware-infected USB cables, these are a great option.

Use your own USB and adapter

If you don't have the money or time to invest in one of the above options but still want to protect yourself against juice jacking, just carry a phone charger on you. A phone charger or USB and adapter can typically fit in a jacket pocket or purse. While you're waiting for a flight or hotel room, locate a wall outlet or power source and plug your own charger in.

Though public USB charging ports are handy, many of these options are equally convenient - if not more so - once you take the initial plunge and purchase an alternative product.

Juice jacking prevention tips

Though it's impossible to completely protect yourself against all digital threats, you can take steps to prevent a juice jacking attack from a public charging station. Consider using one or more of the following tips to help protect yourself and your devices.

Avoid public charging stations

The best way to prevent juice jacking is to avoid public charging ports altogether. Avoid all unattended chargers and chargers given to you by a stranger as well. These chargers themselves can be infected with malware or device-damaging hardware.

Use only trusted charging ports or use a portable charger

Avoid using someone's laptop to charge your phone or tablet, even in a pinch; you don't know what software, malicious or otherwise, that they have that could compromise your device. If you don't know where the charger you're using has been or whose devices it's charged, avoid it. Use chargers you bring yourself or chargers you can guarantee are safe.

Disable data transfer when charging

To prevent incidents like juice jacking, iPhones and Android phones ask users via an alert if they want to trust or share data with a device once connected. If you receive one of these alerts when charging, choose not to trust the device or select "Charge Only." This disables data transfer between devices, making it more difficult for you to receive malware on your phone or laptop from a charging port.

Use a USB data blocker

A USB data blocker lets you safely plug your device into USB charging ports and other hubs, like WiFi hotspots. If you have to use a public USB charging port, use a data blocker to prevent malware from reaching your phone, laptop, or other device.

Use antivirus software and protect your device

If you absolutely must use a public charging station, make sure you take the proper precautions. Download antivirus software, like Norton, to your device beforehand. Ensure you have a strong passcode or PIN on your device and all accounts containing sensitive data or personal information.

Juice jacking signs

Once you unplug your phone from a public charging station, you might not even see signs of a malware infection until later. It could take a few days to show up on your device. With that said, keep a watch for these signs. They indicate that your mobile device or phone has been juice jacked or infected with some type of malware.

A sign indicating a public phone charging port
  • Your device's battery drains faster than usual.
  • Apps take a long time to open, glitch, or crash frequently.
  • You see new or unusual pop-up ads on your device or within apps.
  • You discover apps or files on your device that you don't remember installing.
  • Your device's performance is generally slower.
  • Your device overheats or seems to be working overtime.
  • You can't receive updates anymore.

If you find you're experiencing several of these symptoms, learn more about the types of malware that could be on your device and what to do if they're detected.

What if you've been juice jacked?

If you believe you've been juice jacked, quick action is essential. The best course of action is to back up your phone data on your device and perform a reset. This will clear out any malicious software on the device and allow you to re-upload your apps and data afterward.

Preventing malware is easier than fixing it after the fact. To avoid future juice jacking, make sure you properly protect your device. Use a strong password and install a secure antivirus or anti-malware software program.

Frequently asked questions about juice jacking

Who is most at risk for juice jacking?

People who often travel to high-traffic locations and charge their phones, as well as those who have no additional safety or security measures enabled on their device, are most at risk for juice jacking.

As the FBI juice jacking warning mentions, airports, hotels, and shopping centers are among the places where users will most commonly encounter the threat. Hackers know that shoppers or travelers will frequent these charging spots. Therefore, they manipulate the ports with the hopes of hijacking a greater number of devices.

Furthermore, devices without proper security software have a higher risk of malware infection whether through juice jacking or another method.

Are public phone charging stations safe?

At this point in time, generally, public phone charging stations are safe to use. However, there is no good way to determine whether a specific public phone charging station is safe or not. Because of this, it's best to avoid them and juice jacking altogether. Instead, try a portable battery pack or phone charging case.

How common are juice jacking attacks?

As of March 2023, juice jacking is still not a widespread security threat. There have been documented cases. However, efforts to warn people about its dangers are largely preventative, given the amount of damage that an attack can do.

But the technology exists, and bad actors are certainly capable of using it. Therefore, it's much better to be aware and alert when it comes to potential juice jacking attacks.

What did the FBI say about juice jacking?

The FBI Denver X account issued a warning about juice jacking in April 2023. They stated that citizens should consider the threat of juice jacking in public places like airports, hotels, and shopping centers, and be aware of how to avoid it. They warned that users could have malware or monitoring software introduced onto their devices.