WEBVTT 00:00:00.000 --> 00:00:04.840 Could there be a hidden danger lurking in those public USB chargers? 00:00:04.840 --> 00:00:09.240 Sometimes these can be your only option if you're in a pinch somewhere like an airport, 00:00:09.240 --> 00:00:13.320 an arena, or a hotel. But as you know, USB doesn't just provide 00:00:13.320 --> 00:00:19.140 much needed power to your dying phone. It also sends data, which is where concerns 00:00:19.140 --> 00:00:22.200 about juice jacking have come from recently. 00:00:22.200 --> 00:00:27.800 The idea is that whenever you connect your phone or laptop to a USB outlet that leads God knows where, 00:00:27.800 --> 00:00:32.800 you're taking a chance that your device could be hacked or infected with malware. 00:00:32.800 --> 00:00:36.000 The American FCC has even gone so far as to warn people 00:00:36.000 --> 00:00:39.600 that a free USB charge could wind up draining 00:00:39.600 --> 00:00:43.800 your bank account. So how exactly would an attack like this work 00:00:43.800 --> 00:00:47.360 and how prevalent are they? The basic idea is pretty simple. 00:00:47.360 --> 00:00:51.520 A hacker modifies a public charging station or just sets one up on their own 00:00:51.520 --> 00:00:56.800 and when a hapless victim connects their phone, the compromised charger will simply get around 00:00:56.800 --> 00:01:00.120 the phone's built-in protections and starts sucking down private data 00:01:00.120 --> 00:01:01.600 like a digital big gulp. 00:01:03.600 --> 00:01:07.240 Blue raspberry. And it's important to note that these kind of attacks 00:01:07.240 --> 00:01:12.080 have been demonstrated to be possible rather than a purely hypothetical risk. 00:01:12.080 --> 00:01:16.360 They can be executed by everything from tiny computers the size of a raspberry pie, 00:01:16.360 --> 00:01:20.400 hiding inside charging stations, to special cables that allow attackers 00:01:20.400 --> 00:01:26.760 to inject keystrokes wirelessly. But get this, despite the hysteria around juice jacking, 00:01:26.760 --> 00:01:32.360 no cybersecurity firms have ever reported a single case of it happening out in the wild. 00:01:32.360 --> 00:01:36.960 Why is this? And does that necessarily mean that you're safe from juice jacking? 00:01:36.960 --> 00:01:42.840 One major reason modern phones are relatively safe from juice jacking is that phone manufacturers know 00:01:42.840 --> 00:01:48.080 that attacks through the USB port or Lightning port, if you're an iPhone user, are indeed possible. 00:01:48.080 --> 00:01:53.560 And as we've gotten more and more accustomed to using our phones as a gateway to critical private data, 00:01:53.560 --> 00:01:59.080 they've hardened their mobile devices against these attacks in a way they weren't just 10 years ago. 00:01:59.080 --> 00:02:02.160 The fact that we very rarely use the ports on our phones 00:02:02.160 --> 00:02:06.160 for anything other than charging has made it easier for phone manufacturers 00:02:06.160 --> 00:02:10.280 to beef up security. Most phones these days automatically treat data exchange 00:02:10.280 --> 00:02:15.040 over a cord as kind of suspicious. So on both Android and iOS, 00:02:15.040 --> 00:02:18.240 you have to go through a bunch of menus to approve a corded data connection. 00:02:18.240 --> 00:02:23.400 Something that should immediately raise red flags for most people should a public charging station 00:02:23.400 --> 00:02:27.880 request access. But beyond protections built into the phones intentionally, 00:02:27.880 --> 00:02:33.520 it's also difficult to quickly hack the average phone, even if you're trying to remotely punch in the keystrokes 00:02:33.520 --> 00:02:38.820 to bypass all those warnings we just talked about. Most attacks that would allow significant access 00:02:38.820 --> 00:02:42.200 to a phone require complex codes specifically written 00:02:42.200 --> 00:02:45.840 for a small range of devices. So an attacker would have to hope someone 00:02:45.840 --> 00:02:51.520 with a very specific model of phone plugs into their very specific fake charging station. 00:02:51.520 --> 00:02:54.680 In fact, tools that are used by actual law enforcement 00:02:54.680 --> 00:03:00.000 to crack phones as part of criminal investigations sell for tens of thousands of dollars. 00:03:00.000 --> 00:03:03.760 And even these can take days to actually unlock the target device. 00:03:03.760 --> 00:03:06.840 So even if a hacker has lots of money at their disposal, 00:03:06.840 --> 00:03:11.340 it doesn't make sense to try to deploy such a tool at a public charging station 00:03:11.340 --> 00:03:14.480 that a user might only be connected to for a matter of minutes. 00:03:14.480 --> 00:03:19.000 Any method that could quickly hack a modern phone would likely be sold in the dark web 00:03:19.000 --> 00:03:22.560 for a large amount of money to someone trying to go after 00:03:22.600 --> 00:03:27.160 a specific high value target, meaning not anyone like you and me. 00:03:28.520 --> 00:03:33.000 What the heck does that mean, John? But of course, I don't mean to say you, our dear viewer, aren't valuable. 00:03:33.000 --> 00:03:37.840 I'm just saying that juice jacking really isn't something you need to worry about. 00:03:37.840 --> 00:03:42.820 But if you're paranoid, just carry around a charging brick if you don't mind having awkwardly protruding 00:03:42.820 --> 00:03:46.480 and very warm pockets. And thank you for warming my pockets 00:03:46.480 --> 00:03:50.440 by watching this whole video. Hey, like the video if you liked it, dislike it if you disliked it, 00:03:50.440 --> 00:03:56.240 check out our other videos and comment below with video suggestions. And don't forget to subscribe and follow. 00:03:56.240 --> 00:03:57.720 But no hacking.