1
00:00:00,000 --> 00:00:04,840
Could there be a hidden danger lurking in those public USB chargers?

2
00:00:04,840 --> 00:00:09,240
Sometimes these can be your only option if you're in a pinch somewhere like an airport,

3
00:00:09,240 --> 00:00:13,320
an arena, or a hotel. But as you know, USB doesn't just provide

4
00:00:13,320 --> 00:00:19,140
much needed power to your dying phone. It also sends data, which is where concerns

5
00:00:19,140 --> 00:00:22,200
about juice jacking have come from recently.

6
00:00:22,200 --> 00:00:27,800
The idea is that whenever you connect your phone or laptop to a USB outlet that leads God knows where,

7
00:00:27,800 --> 00:00:32,800
you're taking a chance that your device could be hacked or infected with malware.

8
00:00:32,800 --> 00:00:36,000
The American FCC has even gone so far as to warn people

9
00:00:36,000 --> 00:00:39,600
that a free USB charge could wind up draining

10
00:00:39,600 --> 00:00:43,800
your bank account. So how exactly would an attack like this work

11
00:00:43,800 --> 00:00:47,360
and how prevalent are they? The basic idea is pretty simple.

12
00:00:47,360 --> 00:00:51,520
A hacker modifies a public charging station or just sets one up on their own

13
00:00:51,520 --> 00:00:56,800
and when a hapless victim connects their phone, the compromised charger will simply get around

14
00:00:56,800 --> 00:01:00,120
the phone's built-in protections and starts sucking down private data

15
00:01:00,120 --> 00:01:01,600
like a digital big gulp.

16
00:01:03,600 --> 00:01:07,240
Blue raspberry. And it's important to note that these kind of attacks

17
00:01:07,240 --> 00:01:12,080
have been demonstrated to be possible rather than a purely hypothetical risk.

18
00:01:12,080 --> 00:01:16,360
They can be executed by everything from tiny computers the size of a raspberry pie,

19
00:01:16,360 --> 00:01:20,400
hiding inside charging stations, to special cables that allow attackers

20
00:01:20,400 --> 00:01:26,760
to inject keystrokes wirelessly. But get this, despite the hysteria around juice jacking,

21
00:01:26,760 --> 00:01:32,360
no cybersecurity firms have ever reported a single case of it happening out in the wild.

22
00:01:32,360 --> 00:01:36,960
Why is this? And does that necessarily mean that you're safe from juice jacking?

23
00:01:36,960 --> 00:01:42,840
One major reason modern phones are relatively safe from juice jacking is that phone manufacturers know

24
00:01:42,840 --> 00:01:48,080
that attacks through the USB port or Lightning port, if you're an iPhone user, are indeed possible.

25
00:01:48,080 --> 00:01:53,560
And as we've gotten more and more accustomed to using our phones as a gateway to critical private data,

26
00:01:53,560 --> 00:01:59,080
they've hardened their mobile devices against these attacks in a way they weren't just 10 years ago.

27
00:01:59,080 --> 00:02:02,160
The fact that we very rarely use the ports on our phones

28
00:02:02,160 --> 00:02:06,160
for anything other than charging has made it easier for phone manufacturers

29
00:02:06,160 --> 00:02:10,280
to beef up security. Most phones these days automatically treat data exchange

30
00:02:10,280 --> 00:02:15,040
over a cord as kind of suspicious. So on both Android and iOS,

31
00:02:15,040 --> 00:02:18,240
you have to go through a bunch of menus to approve a corded data connection.

32
00:02:18,240 --> 00:02:23,400
Something that should immediately raise red flags for most people should a public charging station

33
00:02:23,400 --> 00:02:27,880
request access. But beyond protections built into the phones intentionally,

34
00:02:27,880 --> 00:02:33,520
it's also difficult to quickly hack the average phone, even if you're trying to remotely punch in the keystrokes

35
00:02:33,520 --> 00:02:38,820
to bypass all those warnings we just talked about. Most attacks that would allow significant access

36
00:02:38,820 --> 00:02:42,200
to a phone require complex codes specifically written

37
00:02:42,200 --> 00:02:45,840
for a small range of devices. So an attacker would have to hope someone

38
00:02:45,840 --> 00:02:51,520
with a very specific model of phone plugs into their very specific fake charging station.

39
00:02:51,520 --> 00:02:54,680
In fact, tools that are used by actual law enforcement

40
00:02:54,680 --> 00:03:00,000
to crack phones as part of criminal investigations sell for tens of thousands of dollars.

41
00:03:00,000 --> 00:03:03,760
And even these can take days to actually unlock the target device.

42
00:03:03,760 --> 00:03:06,840
So even if a hacker has lots of money at their disposal,

43
00:03:06,840 --> 00:03:11,340
it doesn't make sense to try to deploy such a tool at a public charging station

44
00:03:11,340 --> 00:03:14,480
that a user might only be connected to for a matter of minutes.

45
00:03:14,480 --> 00:03:19,000
Any method that could quickly hack a modern phone would likely be sold in the dark web

46
00:03:19,000 --> 00:03:22,560
for a large amount of money to someone trying to go after

47
00:03:22,600 --> 00:03:27,160
a specific high value target, meaning not anyone like you and me.

48
00:03:28,520 --> 00:03:33,000
What the heck does that mean, John? But of course, I don't mean to say you, our dear viewer, aren't valuable.

49
00:03:33,000 --> 00:03:37,840
I'm just saying that juice jacking really isn't something you need to worry about.

50
00:03:37,840 --> 00:03:42,820
But if you're paranoid, just carry around a charging brick if you don't mind having awkwardly protruding

51
00:03:42,820 --> 00:03:46,480
and very warm pockets. And thank you for warming my pockets

52
00:03:46,480 --> 00:03:50,440
by watching this whole video. Hey, like the video if you liked it, dislike it if you disliked it,

53
00:03:50,440 --> 00:03:56,240
check out our other videos and comment below with video suggestions. And don't forget to subscribe and follow.

54
00:03:56,240 --> 00:03:57,720
But no hacking.