Palo Alto Networks advises public to be wary of juice jacking

Cybersecurity company Palo Alto Networks supports the alarm raised by the US Federal Bureau of Investigation (FBI) on juice jacking in public places. Unsuspecting mobile device users have the habit of charging their smartphones or even laptops in airports or malls.

“We should always remember that nothing in the world is free,” said Sean Duca, VP and regional chief security officer for Asia Pacific & Japan at Palo Alto Networks. “Trusting public charging kiosks with your smartphone carries a significant risk of personal information being retrieved or downloaded without your consent.”

Cybersecurity solutions providers have warned against using public Wi-Fi as this gives hackers an entry point to their devices and network. Now comes the concern about juice jacking.

Ransomware attacks in PH surge by 60% — Palo Alto Networks
Palo Alto Networks discusses threats of AI-led cyberattacks

Juice jacking happens when mobile devices are connected to a public port using a USB (universal serial bus) cable. There are USBs for charging batteries and there are data cables. There are times when one is exclusive only for charging and there are ones that can be used for charging and transferring data from one device to another.

Malicious actors or hackers embed malware into charging stations and activate data transfer through the USB cables to infect connecting devices.


“The malware, now on the connected device, can then use seemingly normal notifications to trick people into giving it access,” Palo Alto Networks explained in a statement. “Examples include an app asking permission to access files similar to what social media platforms do or operating systems requiring users to authorize a new update.”

Ordinary or unsuspecting victims could easily give access as these notifications seemed “normal.” However, once access is granted, the situation resorts to the classic scenario of attackers being able to crawl into the victim’s files and applications to collect sensitive information, including bank account credentials or credit card details, to steal data or money.

“Malware requires a user’s permission, much like any other app on your phone, before it can actually infect a device,” Palo Alto Networks said. “The users are the last gate to keeping malware away, so it’s really important for them to think before they click and challenge why an app would request access to your personal information.”

“Public charging stations also carry the threat of malware infection and data theft, similar to the dangers of public Wi-Fi networks,” Duca said. “As a mobile-savvy nation, Filipinos need to be prepared to handle this risk by questioning whether we can trust our data with another device and understanding how it can be misused from the get-go.”