Using smartphones extensively on the go has now become a trend and sometimes also necessary if you use them for navigation. As a result, phone batteries get exhausted quickly and need to get recharged even on the go. To meet the increasing requirement, charging points are installed at various public places to help people recharge empty batteries of their phones conveniently.
With the surge in smartphones, along with conventional sockets, use of USB ports is also on the rise even at public charging stations, which are easy to use as there is no need of carrying the adopters of chargers that often don’t fit properly in the conventional sockets.
With the increasing convenience of using USP ports to charge smartphones at public charging stations, things become convenient for fraudsters as well to make bank accounts empty as more and more people now use mobile banking and other payment options through mobiles.
It was learnt in a hard way by Sujit (name changed), who plugged his phone into a USB power charging station at an airport after his phone battery had nearly drained. However, a few hours after, he got a message from his bank about unauthorised debit of about Rs 1 lakh from his account.
The investigation revealed that taking advantage of the situation that the said charging points at the airport were not under surveillance and were neither monitored nor checked as well, fraudsters tampered the cord and put an extra chip in it.
The chip deployed a malware that gave the fraudsters access to all the information stored in Sujit’s smart phone, which he was using for mobile banking.
After initiating a financial transaction on behalf of Sujit, the fraudsters were also able to view the One Time Password (OTP) sent by the bank in his mobile and used the OTP to validate the transaction to siphon off the money from his bank account.
This relatively new technique of defrauding people using USB charging ports is called Juice Jacking, which involves either installing malware or copying sensitive data from a smartphone, tablet or laptop of the victim with malicious intention.
"Juice Jacking fraud is when charging points are used to steal data from the phone. The fraudster can also put a malware which can then continuously compromise the phone even when its plugged out," said Dharshan Shanthamurthy, Founder and CEO, SISA.
If you are habitual of using public charging stations to charge your smartphone that is used for financial transactions and contains sensitive data, think twice before you plug it into a USB port, as your effort to fill your empty mobile battery may leave your bank account empty.
To prevent such a situation, it will be better for you to avoid public charging stations and carry a portable power bank. In case of urgency, use conventional sockets to charge your phone instead of USB ports.
"The simplest way to avoid this attack from a consumer standpoint is try to charge using AC plug point or using power wires with no data wires present. However, device manufacturers are also brought device protection mechanisms so that the hard drive does not get mounted without authentication," said Shanthamurthy.
You may also install an antivirus solution that protects your device from malwares and prevents data theft. However, if you still have any unauthorised debits from your account, contact your bank immediately.