• Subscribe
  • Magazines
  • Advertise
  • Contact Us
  • Podcasts
  • Buyers Guide
  • GSE Expo
    1. Airports

    What Airports Need to Know About Juice Jacking 

    April 14, 2023
    Juice Jacking is the latest malware attack surfacing in public spaces like airports where the public seeks power for portable devices during prolonged dwell times. Vidergy Founder/CEO Tre Zimmerman explains the issue and what airports need to know.
    Vidergy
    Vidergyimage 6439a06a7f5f9

    Airports are facing another security challenge when it comes to protecting passengers and this threat is powered by a source they might not expect: USB ports.

    Juice Jacking is the latest malware attack surfacing in public spaces like airports where the public seeks power for portable devices during prolonged dwell times. The issue is now reaching prominence in North America, so Airport Business asked Vidergy Founder/CEO Tre Zimmerman to explain the issue and what airports need to know to protect themselves.

    What is Juice Jacking?

    Juice Jacking is a type of cyberattack where a malicious individual installs malware onto a public charging station, such as those found in airports, shopping malls, or other public places. This type of attack works by using a charging cable that has been modified to include a small computer chip or malicious code installed in the USB port, which can be used to infect a device with malware when it is plugged in for charging.

    When a user plugs their device into the modified charging cable or infected charging station, the malware is automatically installed onto the device. The malware can then be used to steal sensitive information, such as usernames, passwords, and other personal data. The malware can even be used to take control of the device, allowing the attacker to access and manipulate the data stored on it.

    Can a Hijacked Port Infect the Entire Electrical System of an Airport?

    If a charging port is infected with malware due to juice jacking, it is unlikely to spread throughout the entire electrical system. This is because the charging port is typically isolated from the rest of the electrical system and operates on a separate circuit, it generally only affects the device that is connected to that port, and not the entire electrical system. Malware is designed to exploit vulnerabilities in the software of a particular device, such as a phone or computer, rather than the hardware of the charging port itself.

    It’s not possible for data to be written over AC power lines without special equipment such as a PLC modem. AC power is used to transmit electrical power over long distances, and not designed for data transmission. While it is possible to transmit data over power lines using specialized equipment, this typically involves using the electrical wiring in a building as a medium for data transmission, rather than the power lines themselves.

    Even if malware were to somehow infect the entire electrical system, it would not be able to transmit data over the AC power lines. However, it’s possible malware may spread to the connected device and infect its files or other parts of its system. If the infected device is connected to a network, the malware may be able to spread to other devices on the same network, depending on the type and capabilities of the malware.

    Why is it Difficult to Defend Against Juice Jacking?

    Airports are usually crowded, and there are numerous charging stations available for people to use. With so many people using these charging stations, it becomes difficult for security personnel to monitor all of them. Charging stations are often located in places that are not easily visible, such as under tables or in corners. This makes it easy for attackers to install malicious devices without being noticed.

    People are often in a hurry at airports and may not have their own charging cables or power sources with them. This makes them more likely to use public charging stations, even if they are not entirely sure about their safety. Many people are not aware of the risks associated with juice jacking and may not take steps to protect themselves from it.

    How do I Know if a Charging Port is Juice Jacked?

    Airports can employ various methods to detect Juice Jacking malware in their charging stations. These methods include manual inspections, malware scanning, traffic monitoring, regular security auditing, and the use of automated outlet tools like Vidergy's power and activity monitoring.

    Manual inspection involves physically checking for any signs of tampering or malicious devices attached to the charging ports, cables, and other components. Technicians can look for unusual or suspicious devices that may have been inserted into the charging port or cable.

    Malware scanning uses anti-virus and anti-malware software to scan the charging stations for any malicious code or activity. These programs can detect if any malware has been installed on the charging station or if any suspicious files or programs are running on it.

    Traffic monitoring helps detect any suspicious or unauthorized data transfers. This method involves monitoring the network traffic passing through the charging station and looking for any unusual patterns or behavior that may indicate an attack.

    Regular security auditing is crucial to identify vulnerabilities and potential security risks, including reviewing security logs, checking for software or firmware updates, and conducting security assessments. This method can help identify any weaknesses or security holes in the charging station system that could be exploited by attackers.

    Finally, automated tools can run on public charging stations actively monitoring for suspicious activity in real-time and alert security personnel of any suspicious activity. These tools provide a proactive and efficient way to detect Juice Jacking attacks sooner potentially eliminating the wide spread of the malware.

    By combining these methods, airports can ensure that their charging stations are secure and free from Juice Jacking malware, providing travelers with a safe and secure charging experience.

    What if I Find a Juice Jacked Charging Port?

    If you suspect juice jacking malware has been installed on your device, it is important to take immediate action to remove it. The steps to remove malware may vary depending on the type of malware and the device that has been infected, but some general steps include:

    1. Disconnect your device from the charging port or power source that you suspect is infected. This will prevent the malware from continuing to run on your device.

    2. Restart your device in safe mode. This will prevent any additional malware from loading and give you a chance to remove the malware.

    3. Use reputable antivirus software to scan your device for malware. The antivirus software will detect and remove any malware that it finds.

    4. Uninstall any suspicious or unknown apps from your device. Malware often comes in the form of an app, so removing any suspicious apps can help to remove the malware.

    5. Reset your device to its factory settings. This will erase all of the data on your device, including any malware that may be present. Be sure to back up any important data before resetting your device.

    6. Keep your device and software up to date with the latest security patches. This will help to prevent future malware infections.

    How can an airport defend itself from juice jacking?

    There are several proactive steps an airport can take to defend against juice jacking. Implementing a combination of measures can help to create a more secure charging environment and reduce the risk of juice jacking attacks in an airport or other public facility.

    · Providing secure charging stations that are monitored by security personnel can help to prevent attackers from installing malicious devices on the charging ports.

    · Educating travelers about the risks of juice jacking and how to protect themselves can help to raise awareness and prevent attacks.

    · Regularly inspecting charging stations for any signs of tampering can help to detect and prevent attacks.

    · Installing anti-tamper measures on charging stations, such as tamper-resistant screws or epoxy, can help to prevent attackers from accessing the charging ports.

    · Implement real-time power metering outlets that monitors charging behavior and captures device specific identifiers and sends alerts for suspicious charging behaviors or power abnormalities.

    · Secured audit logging AC power outlets, such as Vidergy’s can help prevent unauthorized access to charging ports and provide a record of all charging activity, making it easier to detect and respond to any security incidents.

    About the Author

    Joe Petrie | Editor & Chief

    Joe Petrie is the Editorial Director for the Endeavor Aviation Group.

    Joe has spent the past 15 years writing about the most cutting-edge topics related to transportation and policy in a variety of sectors with an emphasis on transportation issues for the past 10 years.

    Contact: Joe Petrie

    Editor & Chief | Airport Business

    [email protected]

    +1-920-568-8399

    >> To download the AviationPros media kits, visit: Marketing Resource Center

    >>Check out our aviation magazines: Ground Support Worldwide |  Airport Business  | Aircraft Maintenance Technology

    Email

    Paradies Lagardère
    Marie Grimms
    hd_lanyard
    MNAA
    Matthew Earnhardt, assistant vice president of operations, MNAA
    Designit
    nathalia_vega_headshot