New airport warning for smartphones users
There is no subject that is more controversial in cybersecurity circles than the so-called jacking jacking. It generates new titles most of the years, when a government agency or another issues a new alert before the holidays. The stories are written and the cyber -sources are raised – there are more stories than attacks. But these stories still come. Now, however, a new warning suggests that there may be a risk for travelers after all.
Juice Jacking hits theoretically when you connect your phone to a cable or public charge at an airport or a hotel, and instead of being a stupid charger, it is a computer in the data extraction behind the scenes. This is very different from the dangerously designed attack cables which include a malicious payload in the cable itself.
The latest government warning (and the headlines 1,,2) is gracked with Tsa. “When you are at an airport, don’t connect your phone directly to a USB port,” he said. “Bring your electric brick or TSA compatible battery and connect there.” Indeed, “hackers can install malware on USB ports (we were told that this is called” JUICE / PORT JACKING “).”
TSA also warns that smartphones users “do not use free public wifi, especially if you plan to do online shopping. Never enter any sensitive information while using unsecured wifi. ” This threat of diversion of public wifi is almost as controversial as jackage of juice among cyber-experts. Tl; DR, although it compromises your location, all the encrypted data flowing towards or from your device from websites or applications must be safe.
Your biggest risk is to download an application from the Splash page from the malicious access point, fill out online forms or be redirected to fraudulent connection pages for Microsoft, Google or other accounts. The usual advice applies – Use Passkeys, do not connect to linked or contextual windows but use usual channels and do not give personal information. You should also be wary of WiFi hot spots to which you are connecting – are they real service of the hotel, airport or shopping center, or intelligently named counterfeits.
As for taking juice, there is now a new unpleasant touch to the existing story, which, although theoretical for the moment, could fuel the attacks that actually work. A new research document has introduced “a new family of attacks based on USB” called Choice of choiceWhat researchers say: “is the first to bypass existing attenuations of juice.”
The Austrian research team “has observed that these attenuations assume that an attacker cannot inject entry events while establishing a data connection. However, we show that this hypothesis does not hold in practice. We present a principle of platform attack and three concrete attack techniques for Android and iOS which allowed a malicious charger of the Concrete of Concrete data.”
This is more a problem for Android than iOS, but it is not something for most users. That said, if you think you could be the target of attacks or if you are traveling in higher risk parties in the world, I would strongly recommend that I do not use public charging points without a form of data shield or public wifi without VPN.
You should also be wary of unlocking your device when it is connected to everything you don’t have and that you do not control. Interestingly, Google and Samsung now defend devices against the extraction of USB data. There are also new updates for iOS and Android to restart the locked devices for more than 3 days, which also protects against cable attacks.
On the choice of choice, Kaspersky Said “Apple and Google blocked these attack methods in iOS / iPados 18.4, and Android 15”, but “Unfortunately, on Android, the OS version alone does not guarantee the safety of your smartphone … This is why Android users who have updated to Android 15 are invited to connect their smartphone to a safe -known computer via a cable and to check if a threat or a biometric confirmation is necessary.
