Juice Jacking
What is Juice Jacking?
Juice JackingAn attack in which a public or malicious USB charging port is used to install malware or exfiltrate data from a phone that plugs in, by abusing the data lines of the USB cable.
Standard USB cables carry both power and data; juice jacking exploits the data pins of a tampered or attacker-controlled charging port (airport, hotel, bus stations, public power banks). When a phone connects, the malicious host can attempt automated data extraction, install malware, or trigger MTP/ADB/PTP access depending on the device's auto-trust posture. Real-world incidence has been debated, but the attack class is real and trivially demonstrable in labs. Defences include using power-only "USB data blockers", carrying personal chargers and cables, charging via a wall adapter rather than unknown ports, disabling USB data when locked, and prompting before allowing host trust.
● Examples
- 01
A modified airport charging kiosk that installs spyware on an unlocked Android plugged in for a quick top-up.
- 02
A free public power bank with a hidden controller that attempts ADB connection during charging.
● Frequently asked questions
What is Juice Jacking?
An attack in which a public or malicious USB charging port is used to install malware or exfiltrate data from a phone that plugs in, by abusing the data lines of the USB cable. It belongs to the Attacks & Threats category of cybersecurity.
What does Juice Jacking mean?
An attack in which a public or malicious USB charging port is used to install malware or exfiltrate data from a phone that plugs in, by abusing the data lines of the USB cable.
How do you defend against Juice Jacking?
Defences for Juice Jacking typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Juice Jacking?
Common alternative names include: Power-port attack.