Fact-checked by Grok 2 weeks ago

Juice jacking

Juice jacking is a cyber attack in which hackers compromise public USB charging stations to steal sensitive data from or install malware on connected mobile devices, such as smartphones and tablets, by exploiting the dual functionality of USB ports for both power and data transfer.^[1] The term was first coined in 2011 by cybersecurity journalist Brian Krebs during discussions at the DEF CON hacker conference, highlighting the potential risks of public charging kiosks.^[2] Although theoretical demonstrations have occurred, such as at the 2013 Black Hat conference, no widespread real-world incidents of juice jacking kiosks have been publicly confirmed as of 2025, leading some analyses to describe it as a low-probability but plausible threat.^[3]^[4] The mechanism of juice jacking relies on the inherent design of USB connections, which allow bidirectional data exchange unless restricted by the device. When a user plugs their device into a tampered charging station—often found in airports, malls, or hotels—the station can establish a trusted connection, granting access to the device's storage, contacts, photos, or even enabling remote control for further exploitation.^[5] Attackers may preload malware like ransomware or Trojans onto the station, which activates upon connection, potentially leading to identity theft, financial loss, or unauthorized surveillance without the user's immediate awareness.^[5] Signs of compromise, if any, might include unusual battery drain, sluggish performance, or unexpected crashes due to abnormal data activity.^[1] Government agencies, including the U.S. Federal Communications Commission (FCC) and the Federal Bureau of Investigation (FBI), have issued public advisories on juice jacking since at least 2019, emphasizing its risks during travel when devices are low on battery and users are tempted by free charging options.^[6] Prevention strategies focus on avoiding data-enabled connections: users are advised to carry personal chargers or power banks, opt for wall outlets with their own cables, use USB data blockers (which permit only power transfer), or enable airplane mode and decline any data sync prompts before charging.^[1]^[6] Emerging technical improvements, such as USB traffic encryption and device authentication protocols, are also being explored to mitigate these vulnerabilities at the hardware level; however, as of 2025, research has shown that some existing protections on iOS and Android devices can be bypassed by advanced attacks like ChoiceJacking.^[5]^[7]

Introduction

Definition and overview

Juice jacking is a type of cyber attack in which malicious actors tamper with public USB charging stations to steal personal data or install malware on connected mobile devices, exploiting the stations' ability to provide both power and unauthorized data access simultaneously.^[8] This threat targets smartphones, tablets, and other USB-powered electronics that users plug in for convenience, allowing attackers to siphon sensitive information such as contacts, photos, or login credentials without the user's knowledge.^[6] The risk arises primarily in high-traffic public spaces like airports, cafes, and hotels, where free USB charging kiosks are widely available to accommodate travelers and patrons with draining batteries.^[9] Although juice jacking remains largely theoretical in terms of widespread real-world incidents, its feasibility has been demonstrated since 2013, when researchers showcased proof-of-concept attacks at cybersecurity conferences.^[3] At the core of juice jacking is the Universal Serial Bus (USB) standard's dual role in delivering electrical power for charging while also enabling bidirectional data transfer between devices.^[6] This inherent functionality means that a compromised charger can initiate data exchange as soon as a device is connected, bypassing typical user prompts if the port is rigged.

Mechanism of attack

Juice jacking exploits the dual functionality of USB connections, which provide both power and data transfer capabilities, by compromising public charging stations to initiate unauthorized access to connected devices. Attackers first modify a public USB port, such as those found in kiosks or wall outlets, by embedding malware or connecting it to a hidden computer that acts as a malicious host.^[6]^[10] When a user plugs in their device for charging, the compromised port supplies power through the USB's VBUS pin while using the data pins (D+ and D-) to establish communication.^[11]^[5] The attack proceeds through the USB enumeration phase, where the malicious host queries the device to identify its capabilities and request access. This triggers a trust prompt on the user's device, such as "Trust this computer?" or "Allow access to photos and media?" on iOS or Android systems. If the user grants permission—often inadvertently while seeking a quick charge—the host gains elevated access, enabling rapid data siphoning or malware installation within seconds to minutes.^[12]^[11] Without user intervention, some attacks leverage protocol vulnerabilities to spoof inputs or bypass prompts, though this depends on the device's security configurations. The USB protocol's design, which assumes trusted connections for efficiency, facilitates this unauthorized enumeration and transfer.^[5] In a typical scenario, a traveler at an airport connects their smartphone to a tampered charging kiosk, which masquerades as a standard power source but functions as a rogue computer. Upon connection and trust approval, the kiosk enumerates the device and extracts sensitive files like contacts, photos, or login credentials, potentially transmitting them to the attacker's remote server before the user disconnects.^[10]^[6] This process exploits the convenience of public charging without altering the physical appearance of the port, making it indistinguishable from legitimate ones.^[11]

History

Early demonstrations

The term "juice jacking" was coined in 2011 by cybersecurity journalist Brian Krebs in a blog post discussing potential data theft risks at public charging kiosks during the DEF CON hacker conference.^[13] These discussions highlighted vulnerabilities in public charging setups, though practical proofs-of-concept were limited prior to 2013. In 2012, security researcher Kyle Osborn released P2P-ADB, a framework utilizing USB On-The-Go to connect an attacker's phone to a target device for data extraction with minimal user interaction.^[14] The first major public demonstration of an automated juice jacking attack occurred at the 2013 Black Hat USA conference in Las Vegas, where researchers from the Georgia Institute of Technology—Billy Lau, Yeongjin Jang, and Chengyu Song—unveiled "Mactans," a proof-of-concept malicious USB wall charger. This device exploited iOS vulnerabilities to inject malware into connected Apple devices without user interaction or jailbreaking, enabling rapid data extraction or further compromise in under one minute.^[15]^[16] The demonstration underscored the ease of embedding attack hardware in innocuous chargers, using off-the-shelf components like a BeagleBoard to mimic legitimate power sources while initiating unauthorized data transfers.^[17]^[18] Initial media coverage in 2013 amplified the event's impact, with outlets like Forbes and CBS News reporting on the potential dangers of public charging stations in airports, hotels, and cafes, urging users to avoid unsecured USB ports to prevent data theft.^[16]^[19]^[20]

Notable incidents and developments

In December 2019, the U.S. Federal Communications Commission (FCC) issued a consumer alert highlighting the risks of juice jacking at public USB charging stations, particularly urging travelers to avoid them at airports and hotels in favor of wall outlets to prevent data theft or malware installation.^[21] The threat evolved from theoretical demonstrations to practical concerns in the early 2020s, with attackers potentially combining juice jacking with advanced malware like ransomware delivered through compromised USB ports, amplifying the potential for widespread data exfiltration and device control.^[5] By 2022, the U.S. Army Cyber Command released a dedicated fact sheet on juice jacking, classifying it as an emerging military concern due to its potential to compromise sensitive devices in operational environments such as bases or during travel.^[1]

Technical aspects

USB protocol vulnerabilities

The Universal Serial Bus (USB) protocol operates on a host-device model, where a host—such as a computer or a public charging station—controls communication and power delivery to peripheral devices like smartphones. In this model, the host supplies power through the VBUS line and initiates data sessions using the differential data lines D+ and D-, which carry serialized data packets for enumeration and transfer. These data lines enable the host to detect a connected device via pull-up resistors that signal the device's speed (e.g., low-speed devices pull D- high, full-speed pull D+ high), allowing the host to begin the enumeration process without prior authentication.^[22]^[23] Key vulnerabilities in USB 2.0 and 3.0 stem from the absence of inherent authentication mechanisms, permitting any connected host to request and access device data upon successful enumeration. During enumeration, the host queries the device for descriptors (e.g., device class, vendor ID) over D+ and D-, and if the device defaults to mass storage or file transfer mode—common in many smartphones for convenience—unauthorized file access or transfers can occur without user intervention or explicit consent. This trust-by-default approach assumes physical security of connections, leaving the protocol open to exploitation when a malicious host, such as a tampered charging port, masquerades as a legitimate one to inject payloads or exfiltrate data.^[23]^[5]^[24] The evolution to USB Type-C introduces enhancements like Power Delivery (PD), which negotiates higher power levels (up to 100W or more) over the CC (configuration channel) pins alongside data transfer capabilities, but retains exploitable flaws due to non-mandatory security handshakes. While USB Type-C includes optional Type-C Authentication (TCA) for verifying cables and chargers via public-key infrastructure, launched by the USB Implementers Forum in 2019, it lacks bidirectional authentication, firmware validation, and enforcement for legacy devices, allowing rogue PD chargers to initiate data sessions without verification and bypass protections in mixed-mode connections. As of 2025, TCA adoption remains limited, with new attacks demonstrating ongoing vulnerabilities in practical implementations. These features improve power efficiency but do not eliminate the protocol's core reliance on unverified enumeration for data access.^[23]^[5]^[25]

Types of juice jacking attacks

Juice jacking attacks can be categorized based on their primary objectives and methods, typically involving the exploitation of USB connections at public charging stations to compromise connected devices. These variants leverage vulnerabilities in USB protocols, such as enumeration, to either extract data passively or actively deliver malicious payloads.^[5] The data theft variant focuses on the passive extraction of sensitive information from the device without the need to install persistent software. In this approach, cybercriminals use compromised USB ports or cables to surreptitiously access and copy files, contacts, photos, SMS messages, or other stored data during the charging process. This method relies on the device's automatic trust in the USB connection to enable data transfer, often occurring within seconds of connection via hidden skimming mechanisms embedded in the charging station.^[5]^[26] The malware installation variant involves the active delivery of malicious payloads through the USB interface to compromise the device more deeply. Attackers preload charging stations or cables with malware such as keyloggers, ransomware, Trojans, or adware, which is transferred to the device upon connection and enumeration. Once installed, this software can monitor user activity, encrypt files for extortion, or facilitate further unauthorized access, persisting until detection and removal.^[5]^[26] Hybrid attacks combine elements of data theft and malware installation, often enhanced by social engineering tactics to increase effectiveness. For instance, attackers may distribute infected charging cables as promotional items at kiosks or airports, tricking users into connecting them; upon doing so, the cable not only extracts data but also prompts fake trust dialogs to authorize malware installation. These methods exploit user behavior, such as the urgency to charge devices in public spaces, to bypass security prompts and achieve multiple objectives simultaneously, including screen recording via specialized USB connectors in advanced scenarios like "juice filming."^[5]^[26] As of 2025, a new family of attacks known as ChoiceJacking has emerged, which uses malicious USB chargers to autonomously spoof user input and bypass device protections. This technique tricks mobile operating systems (including Android and iOS) into enabling data transfer or executing code without genuine user interaction, affecting 11 tested devices by exploiting USB choice prompts during charging.^[27]

Risks and consequences

Data security threats

Juice jacking poses significant risks to data confidentiality by enabling attackers to access sensitive information stored on mobile devices through compromised USB charging ports. Personal information, such as emails, passwords, and contact details, is particularly vulnerable, as malware can extract these from device storage or active sessions.^[6]^[5] Financial details, including banking app credentials and transaction histories, can be compromised when devices grant data access during charging, allowing attackers to siphon account information.^[8]^[28] Additionally, location history from synced applications or GPS data may be retrieved, providing attackers with insights into user movements and habits.^[5]^[28] Attackers exploit juice jacking through methods that facilitate rapid data exfiltration or persistent monitoring. In data siphoning attacks, compromised USB ports or cables can transfer large volumes of files—such as photos, messages, and documents—from the device to the attacker's system in seconds to minutes, depending on the USB protocol speed and device permissions.^[5]^[28] Alternatively, attackers may inject tracking software, such as keyloggers or remote access tools, which enable ongoing surveillance by recording keystrokes, screen activity, or network traffic even after the initial connection ends.^[8]^[2] These breaches often involve malware delivery, where malicious payloads are installed to maintain unauthorized access.^[5] The scale of these threats amplifies the potential for severe data security breaches, particularly in high-traffic public areas like airports and hotels. Stolen personal and financial data can facilitate identity theft, where attackers impersonate victims to commit fraud or unauthorized transactions.^[6]^[8] For users with business devices, compromised information may lead to corporate espionage, exposing proprietary data or intellectual property to competitors or state actors.^[28] Such incidents underscore the vulnerability of unpatched devices, with studies indicating high success rates for attacks on both Android and iOS systems when data transfer is enabled.^[5]

Potential impacts on users

Juice jacking poses significant risks to individual users by enabling identity theft through the unauthorized extraction of personal information such as contact details, financial credentials, and login passwords from compromised devices.^[6] This can lead to fraudulent activities, including unauthorized account access and credit damage, while the invasion of privacy—such as exposure of personal photos, emails, and communications—often results in emotional distress, including anxiety and a sense of violation.^[29] Additionally, malware installed via juice jacking can lock or corrupt devices, rendering them unusable and requiring costly repairs or replacements, effectively "bricking" the hardware.^[6] Financial repercussions for affected users include direct monetary losses from unauthorized transactions executed using stolen banking details or payment information siphoned during charging.^[2] Such incidents can escalate to broader economic harm, as victims may face ongoing costs for credit monitoring, legal fees, and recovery efforts, though specific global estimates for juice jacking-related losses remain limited due to underreporting.^[30] On a societal level, juice jacking contributes to diminished trust in public infrastructure like airport and cafe charging stations, prompting users to avoid them and increasing reliance on personal alternatives such as portable power banks.^[2] This shift has led to heightened cybersecurity expenditures among travelers, including investments in data-blocking adapters and awareness training, as public warnings amplify concerns over convenient charging options.^[29]

Research and studies

Published research findings

One of the seminal demonstrations of juice jacking vulnerabilities occurred at the 2013 Black Hat USA conference, where researchers Billy Lau, Yeongjin Jang, and Chengyu Song presented "Mactans," a proof-of-concept malicious USB charger built on a BeagleBoard platform.^[15] This device exploited implicit trust mechanisms in iOS up to version 6, allowing unauthorized pairing, data extraction (such as the device's UDID), and injection of arbitrary malware without user interaction or passcode entry.^[15] Empirical testing showed 100% success rates on unpatched iOS devices, with the full attack—including malware deployment—completing in under one minute upon connection.^[15] The findings highlighted fundamental flaws in USB session establishment, prompting Apple to introduce user consent prompts for USB accessories in iOS 7 Beta 2 shortly after.^[15] In 2017, Weizhi Meng and colleagues published empirical research on the "juice filming charging" (JFC) variant of juice jacking attacks, evaluating their feasibility in practical settings like public charging stations. Through controlled experiments simulating airport and mall environments, the study demonstrated high accuracy (over 90% in identifying user activities such as app usage or video playback) by analyzing power consumption fluctuations via modified USB chargers on both Android and iOS devices. The attack succeeded in extracting privacy-sensitive inferences without data cables, relying solely on power lines, and revealed limited built-in defenses in pre-2020 Android versions (e.g., lacking robust power profiling restrictions) and iOS versions prior to enhanced accessory controls. Testing across multiple devices confirmed viability even with screen locks enabled, underscoring the threat in unattended public scenarios. Industry research complemented these academic efforts; at the 2018 RSA Conference, Symantec researchers detailed "Trustjacking," an extension of juice jacking exploiting iOS's iTunes Wi-Fi Sync feature to enable remote data access post-physical USB connection. This attack achieved persistent access on affected iOS 11 devices with over 95% success in lab tests by tricking users into granting trust via disguised prompts, allowing ongoing data exfiltration without repeated physical access. The study emphasized under-explored iOS-specific risks compared to Android-focused prior work, where USB debugging modes were more commonly analyzed. Overall, pre-2020 studies identified significant gaps, with early empirical work predominantly targeting Android ecosystems (e.g., via ADB exploits) and underrepresenting iOS pairing flaws, leading to incomplete mitigation strategies across platforms until post-2018 updates like Android's USB restrictions.^[31] These findings established juice jacking's high feasibility—often exceeding 90% success on unpatched systems—but noted challenges in real-world deployment due to user awareness and hardware costs.

Recent advancements and vulnerabilities

In 2025, a significant advancement in juice jacking techniques emerged with the development of ChoiceJacking, a novel USB-based attack that bypasses established mitigations on iOS and Android devices. This attack manipulates user choice prompts during USB connections, allowing malicious chargers to autonomously confirm data access modes such as Media Transfer Protocol (MTP) or Android Debug Bridge (ADB), even when users select "charge only" options. Demonstrated in security reports from April 2025, ChoiceJacking exploits race conditions in device input subsystems and protocols like Android Open Accessory Protocol (AOAP), enabling data exfiltration or malware installation on locked devices from manufacturers including Honor and Oppo.^[7]^[27] The technique represents an evolution from earlier juice jacking methods, which relied on direct USB data paths, by incorporating spoofed host-device interactions and Bluetooth Human Interface Device (HID) pairing to simulate user approvals in milliseconds. Researchers from Graz University of Technology and A-SIT detailed this proof-of-concept in a paper presented at the 34th USENIX Security Symposium in August 2025, highlighting its success across multiple Android versions and iOS implementations via a method termed T3. This vulnerability underscores persistent flaws in USB security models, where device prompts fail to prevent automated confirmations by attackers.^[32]^[33] Building on prior studies of USB protocol weaknesses, these developments reveal ongoing gaps, including limited empirical research on wireless charging as a secure alternative, despite its inherent immunity to data-based attacks.^[5] In response to ChoiceJacking, Apple released iOS 18.4 and Google issued Android 15 updates as of late 2025, requiring biometric or password authentication for USB data access on affected devices.^[7]

Public awareness

Government and expert warnings

In 2019, U.S. authorities began issuing early alerts about juice jacking risks associated with public USB charging stations, with the Los Angeles County District Attorney's Office warning that criminals were loading malware onto unattended cables and kiosks at airports and malls to steal data.^[34] By 2022, the U.S. Army Cyber Command released a fact sheet emphasizing the dangers of public charging at airports, hotels, and restaurants, where compromised USB ports could transfer malware or extract personal information without user knowledge. In 2023, the FBI issued a public service announcement via its Denver field office, advising against using free public USB ports in airports, hotels, and malls due to the potential for bad actors to introduce malware and monitoring software onto devices.^[35] The Federal Communications Commission echoed this, noting that while no confirmed real-world incidents were known, the tactic's feasibility warranted caution during travel.^[6] In 2025, warnings intensified with the U.S. Transportation Security Administration (TSA) issuing alerts specifically targeting airport USB ports, stating that hackers could install malware to compromise devices and recommending personal battery packs or AC outlets instead.^[36] Cybersecurity firms followed suit, with Malwarebytes highlighting a resurgence in alerts and introducing the "ChoiceJacking" variant, where malicious chargers spoof user interface elements to bypass device protections.^[37] McAfee updated its guidance to stress the ongoing evolution of these attacks, urging users to disable data transfer modes on USB connections.^[8] Experts have underscored the persistent and adapting nature of these threats. Researchers at Graz University of Technology, in a 2025 USENIX Security paper, described ChoiceJacking as operating under the same model as traditional juice jacking but leveraging malicious chargers to simulate button presses and gain unauthorized data access, noting that iOS and Android USB defenses had been trivially bypassable for years.^[27] International bodies, including the UK's National Cyber Security Centre (NCSC), incorporated juice jacking risks into broader travel cybersecurity guidelines, advising against public USB use abroad to prevent data exfiltration during international trips.^[38] In November 2025, as holiday travel season approached, state officials in Michigan issued warnings about juice jacking at public charging ports, urging travelers to use personal chargers to avoid potential data theft.^[39] These advisories have heightened public vigilance, leading to greater adoption of safe charging alternatives like personal cables and power banks among travelers.

Depictions in popular culture

Juice jacking has been dramatized in television investigations, particularly in segments highlighting real-world scenarios at airports and public venues to underscore its risks. In October 2025, KSL-TV's investigative report featured demonstrations of hackers compromising public USB ports in airport settings, illustrating how malware could be installed during charging to steal personal data.^[40] Similarly, Ars Technica covered a 2025 demonstration of "ChoiceJacking," a variant where attackers bypass device protections on iOS and Android via manipulated charging stations, portraying it as a persistent threat in public spaces.^[7] In entertainment, juice jacking appears in scripted shows and cybersecurity discussions within thrillers and podcasts, often as a plot device for data theft. The 2015 episode of CSI: Cyber titled "The Walking Dead" depicted hackers using compromised airplane charging ports to execute juice jacking attacks, grounding flights in a dramatic narrative of cyber disruption.^[41] Cybersecurity podcasts have referenced it in thriller-like storytelling; for instance, the 2019 Smashing Security episode explored juice jacking alongside YouTube hacks, framing it as a sneaky vulnerability in everyday travel.^[42] Other podcasts, such as TOSS C3's Episode 44 and Phishing for Compliments Episode 4, narrate it through expert anecdotes, likening it to covert espionage in public charging hubs.^[43]^[44] The concept has permeated social media through memes and viral trends, fostering informal awareness via humorous warnings. Phrases like "Don't juice jack your data" appear in TikTok videos and Instagram reels, often showing animated scenarios of phones being "hijacked" at charging stations, with millions of views amplifying the message.^[45] On Twitter, the hashtag #JuiceJacking trends sporadically, featuring user-generated memes comparing it to "vampire chargers" that drain more than battery life, contributing to grassroots education on avoidance.^[46] These depictions, while not tied to major films, blend cautionary tales with pop culture analogies to ports as "Trojan horses" in digital life.

Prevention and mitigation

Hardware-based solutions

Hardware-based solutions to prevent juice jacking primarily involve physical interventions that isolate power delivery from data transmission in USB connections. These approaches ensure that devices can charge safely without exposing them to potential malware or data exfiltration through compromised ports.^[6] Data blockers, often referred to as USB condoms or charge-only adapters, are small inline devices that physically sever the data pins (D+ and D-) in a USB cable while preserving the power pins (VBUS and GND) for charging. This prevents any data transfer between the device and the charging station. Products like the PortaPow USB Data Blocker and Plugable USB-MC1 exemplify this technology, where the data wires are removed or blocked at the hardware level to block juice jacking attacks.^[47]^[48]^[10] Public charging infrastructure can be modified to incorporate power-only USB ports, which omit data connectivity entirely, or use access controls like RFID locks to limit tampering. For instance, secure stations designed for government facilities, such as those from HonestWaves, employ data-blocking ports that restrict connections to power delivery only and integrate RFID-based access to prevent unauthorized modifications. These USB-A power-only configurations eliminate the dual-use vulnerability inherent in standard ports.^[8]^[49] Built-in device features provide an additional layer of hardware-level protection, such as Apple's USB Restricted Mode introduced in iOS 11.4.1 (2018) and enhanced in subsequent updates around 2020, which disables data access via the USB port after one hour of the device being locked, defaulting to charge-only operation. However, this safeguard can be bypassed under certain conditions, such as through sophisticated attacks exploiting USB protocol weaknesses.^[50]^[7]

Software and user behavior strategies

Software measures provide built-in protections against juice jacking by limiting data transfer over USB connections during charging. On iOS devices, USB Restricted Mode, introduced in iOS 11.4.1 and configurable via Settings > Face ID & Passcode > Allow Access When Locked > USB Accessories (set to Off), blocks unauthorized USB accessories from connecting after the device has been locked for more than one hour, preventing potential data exfiltration through compromised ports.^[51] Similarly, Android 15's enhanced Lockdown Mode, activated via the power menu, immediately disables USB data access while allowing charging to continue, effectively mitigating juice jacking risks when the device is locked.^[52] Third-party applications can supplement these OS features by monitoring for suspicious USB activity and scanning for malware. Mobile antivirus software, such as Norton 360, includes tools that warn users if USB debugging is enabled and perform real-time scans to detect malicious payloads that might be installed via tainted charging sessions.^[53] These apps provide an additional layer of defense by alerting users to anomalous behavior during or after connecting to unknown USB ports.^[54] User behaviors play a crucial role in avoiding juice jacking by minimizing exposure to risky connections. Always lock the device before plugging into any public charger, as this triggers OS-level restrictions on data transfer.^[6] On Android devices, disable USB debugging in Developer Options (Settings > System > Developer Options > USB Debugging) to prevent unauthorized access via Android Debug Bridge (ADB) tools that could be exploited in attacks.^[55] Opt for wall adapters plugged into AC outlets or personal portable batteries instead of public USB ports to eliminate data transmission risks entirely.^[6] Best practices further enhance protection through proactive maintenance and awareness. Regularly update the operating system to apply security patches that strengthen USB prompts and defenses against emerging threats like choice jacking bypasses.^[33] Educate yourself on recognizing suspicious charging stations, such as those in high-traffic areas like airports, and avoid them when possible by planning ahead with alternative power sources.^[56]

References

[1]
CYBERSECURITY FACT SHEET: Juice Jacking
Apr 19, 2022 · Juice jacking is a cyber attack in which a compromised Universal Serial Bus (USB) charging station transfers malware to, or steals personal information from, a ...
[2]
Why is 'Juice Jacking' Suddenly Back in the News? - Krebs on Security
Apr 14, 2023 · A term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.
[3]
Juice Jacking - Communications of the ACM
Sep 25, 2025 · Juice Jacking Realities News reports say the first demonstration of an automated attack using juice jacking took place at the 2013 Black Hat ...
[4]
How Serious Is the Security Threat of 'Juice-Jacking'? | Snopes.com
Apr 12, 2023 · Cybercriminals are using public USB ports in places like airports and hotels to introduce malware and monitoring software onto users ...
[5]
Juice Jacking: Security Issues and Improvements in USB Technology
Numerous methods are used to prevent juice jacking. These include ensuring devices are charged, avoiding the use of USB chargers, turning off gadgets while not ...<|control11|><|separator|>
[6]
What is 'Juice Jacking' and Tips to Avoid It
Apr 27, 2023 · You could become a victim of "juice jacking," yet another cyber-theft tactic. Cybersecurity experts warn that bad actors can load malware ...
[7]
What Is Juice Jacking? - McAfee
Juice jacking is a type of cyber attack where public USB charging ports are used to steal data from or install malware on your device.
[8]
What is juice jacking? Think twice before using public USB ports
Aug 7, 2018 · The term juice jacking was first coined in 2011 after researchers created a compromised charging kiosk to bring awareness to the problem. When ...
[9]
Survey reveals interesting details about American phone charging ...
Nov 10, 2022 · 88% of respondents reported using a wired charger. In addition, 46% said they use car chargers, 28% use wireless chargers, and 19% reported ...
[10]
Juice Jacking Attack - Sepio Cyber
A juice jacking attack takes advantage of the trust users place in public USB charging ports. Once a compromised cable or port is used, malicious software ...How A Juice Jacking Attack... · Can Juice Jacking Chargers... · Understanding A Juice...
[11]
Explained: juice jacking | Malwarebytes Labs
Nov 21, 2019 · Juice jacking is a type of cyberattack that uses a USB charging port to steal data or infect phones with malware. Learn how it works and ...
[12]
None
### Summary of Juice Jacking Attack Mechanism
[13]
Beware of Juice-Jacking - Krebs on Security
Aug 17, 2011 · “One thing we discovered: On certain devices, if you power them completely off, then charge them, they don't expose the data,” Markus said. This ...
[14]
[PDF] Mactans: Injecting Malware into iOS Devices via Malicious Chargers
To demonstrate practical application of these vulnerabilities, we built a proof-of-concept malicious charger, called Mactans, using a BeagleBoard. This hardware ...Missing: 2013 | Show results with:2013
[15]
This Fake Charger Will Hide A Trojan In Your iPhone's Facebook App
Jul 31, 2013 · The Mactans charger researchers built to infect iPhones with a spoofed Facebook trojan. Apple takes great pains to protect its air-tight iOS ...
[16]
Black Hat: Researchers Use iPhone Charger As Hacking Tool
Aug 1, 2013 · Using a Beagleboard, the researchers built a proof-of-concept malicious charger they refer to as Mactans. By. Brian Prince. | August 1, 2013 (4: ...
[17]
Black Hat: Don't Plug Your Phone into a Charger You Don't Own
Aug 1, 2013 · That simple iPhone charger seems innocent enough, but a Black Hat presentation revealed that a rogue charger could totally own your phone.
[18]
Hacked iPhone chargers could let snoops spy on devices - CBS News
Aug 7, 2013 · A device called Mactans presented at the Black Hat conference can mimic an Apple iPhone charger and install malicious software.
[19]
Mactans iOS Charger Malware Hack - Business Insider
Aug 2, 2013 · A demonstration at Black Hat, a Las Vegas conference on network security, showed that a hacked charger could totally own your iPhone, reports PC ...
[20]
[PDF] CAC Summary 12-11-2019 - Federal Communications Commission
Juice jacking uses public charging ports to steal information from and load malware onto devices. Consumers are encouraged to use wall outlets to charge their ...
[21]
Juice jacking: Why you shouldn't use public charging stations ...
Apr 11, 2023 · Juice jacking is a type of cyberattack in which a hacker manages to steal data from a smartphone, tablet or other electronic devices while it's being charged ...
[22]
USB in a NutShell - Chapter 2 - Hardware - Beyondlogic
A USB device must indicate its speed by pulling either the D+ or D- line high to 3.3 volts. A full speed device, pictured below will use a pull up resistor ...
[23]
[PDF] Understanding USB Insecurity in Versions 1 through C
Abstract—USB-based attacks have increased in complexity in recent years. Modern attacks now incorporate a wide range.
[24]
[PDF] Off-Path Injection Attacks on USB Communications - USENIX
Aug 9, 2023 · Attacks on USB Confidentiality and Integrity. USB's lack of any encryption and authentication mechanisms allows ad- versaries to eavesdrop on ...
[25]
Beware of Juice Jacking - State of Michigan
This happens when hackers install and hide a skimming device inside the USB ports of the kiosk. When phones are plugged in to charge, the skimming device ...
[26]
(PDF) The Cyber Crime of Juice Jacking in Developing Economies
Aug 6, 2025 · This paper formulates a simple architecture for Juice Jacking cyber-crime, review prove-of-concept experimentation for Juice Jacking from ...
[27]
[PDF] Monthly Cybersecurity Newsletter Russian Hackers Win Big
Feb 2, 2024 · The risks associated with juice jacking are profound. Beyond the immediate threat of malware infection and data theft, the implications can ...Missing: consequences effects
[28]
economic risks in the digital era with special reference to cyber fraud ...
Oct 17, 2024 · ... Juice jacking victims could experience identity theft and financial losses, which. could have serious negative effects on their economy.
[29]
SandUSB: An installation-free sandbox for USB peripherals
Feb 9, 2017 · This work investigates two emerging attacks - Human Interface Device (HID) attack and Juice Jacking attack - that leverage USB peripherals, and
[30]
iOS and Android juice jacking defenses have been trivial to bypass ...
Apr 28, 2025 · “Juice jacking” was coined in a 2011 article on KrebsOnSecurity detailing an attack demonstrated at a Defcon security conference at the time.Missing: Krebs | Show results with:Krebs<|control11|><|separator|>
[31]
[PDF] ChoiCeJaCking: Compromising Mobile Devices through Malicious ...
Aug 13, 2025 · Abstract. JuiceJacking is an attack in which malicious chargers com- promise connected mobile devices. Shortly after the attack.
[32]
ChoiceJacking: Compromising Mobile Devices through Malicious ...
In this paper, we present a novel family of USB-based attacks on mobile devices, ChoiceJacking, which is the first to bypass existing JuiceJacking mitigations.
[33]
Data theft during smartphone charging - Kaspersky
May 27, 2025 · The ChoiceJacking attack: stealing smartphone photos and data while charging via USB ... This attack became known as juice-jacking, and both ...
[34]
Warning: Protect your phone from choicejacking before it's too late
Jul 29, 2025 · Choicejacking is actually a more advanced upgrade to the older practice of juicejacking. With juicejacking, hackers install software on charging ...
[35]
'Juice Jacking' Criminals Use Public USB Chargers to Steal Data
Nov 8, 2019 · In the USB Charger Scam, often called “juice jacking,” criminals load malware onto charging stations or cables they leave plugged in at the stations.Missing: FBI | Show results with:FBI
[36]
FBI warns against using public USB charging ports - ABC News
Apr 11, 2023 · The FBI is warning the public against using charging stations in malls and at airports, according to a tweet from the bureau's Denver office.<|control11|><|separator|>
[37]
TSA Issues Security Warning About 'Juice Jacking' in U.S. Airports
Jun 12, 2025 · “Juice jacking” is where hackers manipulate public charging stations with hidden devices to steal data or install malware on your device.<|control11|><|separator|>
[38]
Juice jacking warnings are back, with a new twist | Malwarebytes
Jun 3, 2025 · Juice jacking is where an attacker uses a malicious public USB charger to install malware on, or steal information from, your phone.Missing: definition | Show results with:definition
[39]
Device security guidance - NCSC.GOV.UK
Our Device Guides cover the full range of concerns from choosing and purchasing devices to the advice you should give to end users.Missing: travel | Show results with:travel
[40]
Juice Jacking: How USB Ports Steal Your Mobile Data 2025
Aug 26, 2025 · Juice jacking attacks exploit public USB charging ports to steal data and install malware on mobile devices. With 40% of mobile users having ...Missing: percentage | Show results with:percentage
[41]
Juice jacking: Find out how public USB charging ports put you at risk ...
Oct 1, 2025 · Cybersecurity experts warn of juice jacking. Learn how hackers can get your information through public USB charging ports.
[42]
CSI Cyber and the Juice Jacking Airplane Wi-Fi White Whale
Apr 30, 2015 · His boss comes in and yells at him for sucking. Sifter's excuse for telling his boss absolutely nothing about his decision to ground hundreds of ...Missing: films | Show results with:films
[43]
Smashing Security podcast #155: Juice jacking, YouTube hacking ...
Nov 21, 2019 · Smashing Security podcast #155: Juice jacking ... Winner of the best and most entertaining cybersecurity podcast awards in 2018, 2019, 2022, 2023, ...
[44]
TOSS C3 Podcast - Juice Jacking Episode 44 - Spotify for Creators
Juice Jacking: How Hackers Use Public Charging Stations to Steal Your Data. In this episode of the TOSC3 Podcast, cybersecurity expert Greg Hanna uncover a ...
[45]
Phishing for Compliments - Apple Podcasts
In episode 4, I go over the alleged threat of Juice Jacking, which turns into ANOTHER kind of jacking, and ends with VPNs. Then, a teaser for the next show! *** ...
[46]
Juice jacking happens when cybercriminals use public ... - Instagram
Jan 13, 2025 · It works because these USB ports can transfer both power and data. When you plug your phone or device into a compromised port, hackers can ...Missing: trends | Show results with:trends
[47]
#Juice Jacking - Search / X
The latest posts on #Juice Jacking. Read what people are saying and join the conversation.
[48]
PortaPow USB Data Blocker - Protect Against Juice Jacking (Red, 1)
30-day returnsPortaPow has the only data blocker where the two wires which carry data have been physically removed, so you can be sure it is working.
[49]
https://honestwaves.com/industry/government/
[50]
Phone Charging Stations for Government Facilities
### Summary of Hardware Features Preventing Juice Jacking
[51]
What is USB Restricted Mode on iPhone? - Certo Software
Apr 11, 2025 · Apple's USB Restricted Mode is a security feature designed to protect your iPhone or iPad from unauthorized data access through the Lightning or USB-C port.
[52]
Allow USB and other accessories to connect to your iPhone or iPad
Oct 23, 2025 · Open the Settings app, then tap Privacy & Security · Scroll down to Security, then tap Wired Accessories. Wired Accessories in Privacy and ...
[53]
Lockdown mode in Android 15 protects your phone from 'juice jacking'
Jun 12, 2024 · When lockdown mode is enabled in Android 15, USB data access will be disabled, preventing potential "juice jacking" attacks.Missing: restricted | Show results with:restricted
[54]
Protection against juice jacking - Archive - Norton Community
Apr 12, 2023 · Juice jacking can infect user device with Malware. N360 app will protect user against Malwares. N360 System advisor feature will warn if “USB debugging” is ...
[55]
Protect Your Phone From Juice Jacking: Public Charging Risks ...
Nov 13, 2024 · Experts interviewed by journalists have been clear: the risk of compromising a smartphone through a USB port in a café or similar public setting is low.
[56]
Juice Jacking: When Charging Your Device Opens the Door to ...
May 22, 2025 · Juice jacking uses USB connectors to carry both power and information. Attackers hack USB ports to insert malware or create data pathways.
[57]
How to recognize and prevent juice jacking attack | NordLayer Blog
Let's dive deeper. Juice jacking is all about two things: stealing your business data and leaving behind nasty surprises in the form of malware.