As with any cyber threat, prevention starts with awareness of the risk. As a road warrior, I see people taking a particular and absolutely unnecessary risk far too often. This risk has to do with the one item so many apparently can’t function without — the venerable smartphone. Here’s the problem. The cable we all use to charge our phones is the same one we use to transfer or sync our data and this creates an attack vector that someone could take advantage of during the charging process. In short, if you were to use a USB cable to charge your phone at a free charging kiosk like the ones commonly found in airports and malls, someone could now illegitimately gain access to your data and/or place malicious code onto your phone. This type of breach is called juice jacking and it is a very real and potentially serious threat.
Now, I will admit there are numerous public USB charging ports available that are perfectly safe to use. The challenge, however, is in trying to identify the ones that aren’t. Think about it. You’re never going to find a warning sign that says this particular charging station isn’t safe to use. Fortunately, the solution to the problem is so easy there is no reason not to do the right thing. Here are a few ideas. 1) Carry a portable power bank. This is what I tend to do when traveling and since no data is stored on the power bank, I can charge that at a public charging kiosk worry free if I ever need to. 2) Use your own adaptor and cable. Yes, you will need to find an available Ac outlet, but isn’t the peace of mind worth it? 3). Prevent the transfer of any data by placing a charge only device or adaptor between your USB cable and the public charging kiosk.
All three of these solutions come with little or no added cost to you, responsibly address the problem, and again, are so easy to do. When you think about what’s at risk by failing to do all you can to prevent this type of threat, I simply can’t understand why anyone wouldn’t want to play it safe.
Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.