{"video_id":"x4ZFraU0u60","title":"Are Public USB Chargers Dangerous?","channel":"Techquickie","show":"Techquickie","published_at":"2024-05-04T14:58:16Z","duration_s":268,"segments":[{"start_s":0.0,"end_s":4.84,"text":"Could there be a hidden danger lurking in those public USB chargers?","speaker":null,"is_sponsor":0},{"start_s":4.84,"end_s":9.24,"text":"Sometimes these can be your only option if you're in a pinch somewhere like an airport,","speaker":null,"is_sponsor":0},{"start_s":9.24,"end_s":13.32,"text":"an arena, or a hotel. But as you know, USB doesn't just provide","speaker":null,"is_sponsor":0},{"start_s":13.32,"end_s":19.14,"text":"much needed power to your dying phone. It also sends data, which is where concerns","speaker":null,"is_sponsor":0},{"start_s":19.14,"end_s":22.2,"text":"about juice jacking have come from recently.","speaker":null,"is_sponsor":0},{"start_s":22.2,"end_s":27.8,"text":"The idea is that whenever you connect your phone or laptop to a USB outlet that leads God knows where,","speaker":null,"is_sponsor":0},{"start_s":27.8,"end_s":32.8,"text":"you're taking a chance that your device could be hacked or infected with malware.","speaker":null,"is_sponsor":0},{"start_s":32.8,"end_s":36.0,"text":"The American FCC has even gone so far as to warn people","speaker":null,"is_sponsor":0},{"start_s":36.0,"end_s":39.6,"text":"that a free USB charge could wind up draining","speaker":null,"is_sponsor":0},{"start_s":39.6,"end_s":43.8,"text":"your bank account. So how exactly would an attack like this work","speaker":null,"is_sponsor":0},{"start_s":43.8,"end_s":47.36,"text":"and how prevalent are they? The basic idea is pretty simple.","speaker":null,"is_sponsor":0},{"start_s":47.36,"end_s":51.52,"text":"A hacker modifies a public charging station or just sets one up on their own","speaker":null,"is_sponsor":0},{"start_s":51.52,"end_s":56.8,"text":"and when a hapless victim connects their phone, the compromised charger will simply get around","speaker":null,"is_sponsor":0},{"start_s":56.8,"end_s":60.12,"text":"the phone's built-in protections and starts sucking down private data","speaker":null,"is_sponsor":0},{"start_s":60.12,"end_s":61.6,"text":"like a digital big gulp.","speaker":null,"is_sponsor":0},{"start_s":63.6,"end_s":67.24,"text":"Blue raspberry. And it's important to note that these kind of attacks","speaker":null,"is_sponsor":0},{"start_s":67.24,"end_s":72.08,"text":"have been demonstrated to be possible rather than a purely hypothetical risk.","speaker":null,"is_sponsor":0},{"start_s":72.08,"end_s":76.36,"text":"They can be executed by everything from tiny computers the size of a raspberry pie,","speaker":null,"is_sponsor":0},{"start_s":76.36,"end_s":80.4,"text":"hiding inside charging stations, to special cables that allow attackers","speaker":null,"is_sponsor":0},{"start_s":80.4,"end_s":86.76,"text":"to inject keystrokes wirelessly. But get this, despite the hysteria around juice jacking,","speaker":null,"is_sponsor":0},{"start_s":86.76,"end_s":92.36,"text":"no cybersecurity firms have ever reported a single case of it happening out in the wild.","speaker":null,"is_sponsor":0},{"start_s":92.36,"end_s":96.96,"text":"Why is this? And does that necessarily mean that you're safe from juice jacking?","speaker":null,"is_sponsor":0},{"start_s":96.96,"end_s":102.84,"text":"One major reason modern phones are relatively safe from juice jacking is that phone manufacturers know","speaker":null,"is_sponsor":0},{"start_s":102.84,"end_s":108.08,"text":"that attacks through the USB port or Lightning port, if you're an iPhone user, are indeed possible.","speaker":null,"is_sponsor":0},{"start_s":108.08,"end_s":113.56,"text":"And as we've gotten more and more accustomed to using our phones as a gateway to critical private data,","speaker":null,"is_sponsor":0},{"start_s":113.56,"end_s":119.08,"text":"they've hardened their mobile devices against these attacks in a way they weren't just 10 years ago.","speaker":null,"is_sponsor":0},{"start_s":119.08,"end_s":122.16,"text":"The fact that we very rarely use the ports on our phones","speaker":null,"is_sponsor":0},{"start_s":122.16,"end_s":126.16,"text":"for anything other than charging has made it easier for phone manufacturers","speaker":null,"is_sponsor":0},{"start_s":126.16,"end_s":130.28,"text":"to beef up security. Most phones these days automatically treat data exchange","speaker":null,"is_sponsor":0},{"start_s":130.28,"end_s":135.04,"text":"over a cord as kind of suspicious. So on both Android and iOS,","speaker":null,"is_sponsor":0},{"start_s":135.04,"end_s":138.24,"text":"you have to go through a bunch of menus to approve a corded data connection.","speaker":null,"is_sponsor":0},{"start_s":138.24,"end_s":143.4,"text":"Something that should immediately raise red flags for most people should a public charging station","speaker":null,"is_sponsor":0},{"start_s":143.4,"end_s":147.88,"text":"request access. But beyond protections built into the phones intentionally,","speaker":null,"is_sponsor":0},{"start_s":147.88,"end_s":153.52,"text":"it's also difficult to quickly hack the average phone, even if you're trying to remotely punch in the keystrokes","speaker":null,"is_sponsor":0},{"start_s":153.52,"end_s":158.82,"text":"to bypass all those warnings we just talked about. Most attacks that would allow significant access","speaker":null,"is_sponsor":0},{"start_s":158.82,"end_s":162.2,"text":"to a phone require complex codes specifically written","speaker":null,"is_sponsor":0},{"start_s":162.2,"end_s":165.84,"text":"for a small range of devices. So an attacker would have to hope someone","speaker":null,"is_sponsor":0},{"start_s":165.84,"end_s":171.52,"text":"with a very specific model of phone plugs into their very specific fake charging station.","speaker":null,"is_sponsor":0},{"start_s":171.52,"end_s":174.68,"text":"In fact, tools that are used by actual law enforcement","speaker":null,"is_sponsor":0},{"start_s":174.68,"end_s":180.0,"text":"to crack phones as part of criminal investigations sell for tens of thousands of dollars.","speaker":null,"is_sponsor":0},{"start_s":180.0,"end_s":183.76,"text":"And even these can take days to actually unlock the target device.","speaker":null,"is_sponsor":0},{"start_s":183.76,"end_s":186.84,"text":"So even if a hacker has lots of money at their disposal,","speaker":null,"is_sponsor":0},{"start_s":186.84,"end_s":191.34,"text":"it doesn't make sense to try to deploy such a tool at a public charging station","speaker":null,"is_sponsor":0},{"start_s":191.34,"end_s":194.48,"text":"that a user might only be connected to for a matter of minutes.","speaker":null,"is_sponsor":0},{"start_s":194.48,"end_s":199.0,"text":"Any method that could quickly hack a modern phone would likely be sold in the dark web","speaker":null,"is_sponsor":0},{"start_s":199.0,"end_s":202.56,"text":"for a large amount of money to someone trying to go after","speaker":null,"is_sponsor":0},{"start_s":202.6,"end_s":207.16,"text":"a specific high value target, meaning not anyone like you and me.","speaker":null,"is_sponsor":0},{"start_s":208.52,"end_s":213.0,"text":"What the heck does that mean, John? But of course, I don't mean to say you, our dear viewer, aren't valuable.","speaker":null,"is_sponsor":0},{"start_s":213.0,"end_s":217.84,"text":"I'm just saying that juice jacking really isn't something you need to worry about.","speaker":null,"is_sponsor":0},{"start_s":217.84,"end_s":222.82,"text":"But if you're paranoid, just carry around a charging brick if you don't mind having awkwardly protruding","speaker":null,"is_sponsor":0},{"start_s":222.82,"end_s":226.48,"text":"and very warm pockets. And thank you for warming my pockets","speaker":null,"is_sponsor":0},{"start_s":226.48,"end_s":230.44,"text":"by watching this whole video. Hey, like the video if you liked it, dislike it if you disliked it,","speaker":null,"is_sponsor":0},{"start_s":230.44,"end_s":236.24,"text":"check out our other videos and comment below with video suggestions. And don't forget to subscribe and follow.","speaker":null,"is_sponsor":0},{"start_s":236.24,"end_s":237.72,"text":"But no hacking.","speaker":null,"is_sponsor":0}],"full_text":"Could there be a hidden danger lurking in those public USB chargers? Sometimes these can be your only option if you're in a pinch somewhere like an airport, an arena, or a hotel. But as you know, USB doesn't just provide much needed power to your dying phone. It also sends data, which is where concerns about juice jacking have come from recently. The idea is that whenever you connect your phone or laptop to a USB outlet that leads God knows where, you're taking a chance that your device could be hacked or infected with malware. The American FCC has even gone so far as to warn people that a free USB charge could wind up draining your bank account. So how exactly would an attack like this work and how prevalent are they? The basic idea is pretty simple. A hacker modifies a public charging station or just sets one up on their own and when a hapless victim connects their phone, the compromised charger will simply get around the phone's built-in protections and starts sucking down private data like a digital big gulp. Blue raspberry. And it's important to note that these kind of attacks have been demonstrated to be possible rather than a purely hypothetical risk. They can be executed by everything from tiny computers the size of a raspberry pie, hiding inside charging stations, to special cables that allow attackers to inject keystrokes wirelessly. But get this, despite the hysteria around juice jacking, no cybersecurity firms have ever reported a single case of it happening out in the wild. Why is this? And does that necessarily mean that you're safe from juice jacking? One major reason modern phones are relatively safe from juice jacking is that phone manufacturers know that attacks through the USB port or Lightning port, if you're an iPhone user, are indeed possible. And as we've gotten more and more accustomed to using our phones as a gateway to critical private data, they've hardened their mobile devices against these attacks in a way they weren't just 10 years ago. The fact that we very rarely use the ports on our phones for anything other than charging has made it easier for phone manufacturers to beef up security. Most phones these days automatically treat data exchange over a cord as kind of suspicious. So on both Android and iOS, you have to go through a bunch of menus to approve a corded data connection. Something that should immediately raise red flags for most people should a public charging station request access. But beyond protections built into the phones intentionally, it's also difficult to quickly hack the average phone, even if you're trying to remotely punch in the keystrokes to bypass all those warnings we just talked about. Most attacks that would allow significant access to a phone require complex codes specifically written for a small range of devices. So an attacker would have to hope someone with a very specific model of phone plugs into their very specific fake charging station. In fact, tools that are used by actual law enforcement to crack phones as part of criminal investigations sell for tens of thousands of dollars. And even these can take days to actually unlock the target device. So even if a hacker has lots of money at their disposal, it doesn't make sense to try to deploy such a tool at a public charging station that a user might only be connected to for a matter of minutes. Any method that could quickly hack a modern phone would likely be sold in the dark web for a large amount of money to someone trying to go after a specific high value target, meaning not anyone like you and me. What the heck does that mean, John? But of course, I don't mean to say you, our dear viewer, aren't valuable. I'm just saying that juice jacking really isn't something you need to worry about. But if you're paranoid, just carry around a charging brick if you don't mind having awkwardly protruding and very warm pockets. And thank you for warming my pockets by watching this whole video. Hey, like the video if you liked it, dislike it if you disliked it, check out our other videos and comment below with video suggestions. And don't forget to subscribe and follow. But no hacking."}