Comments on: Beware of Juice-Jacking

By: HongwenZhangWedge

HongwenZhangWedge — Wed, 31 Aug 2011 23:51:36 +0000

Thank you for sharing these findings! It’s interesting to hear how even with prior warning, people are still vulnerable to the glamour of free battery life. Had the charging stations not taken the proper security precautions, these users could have risked exposing private corporate data. Not only should corporations educate their employees, but they need to block malicious attacks before mobile malware enters its system through infected devices. Corporations must ensure network layer Data Leakage Prevention (DLP) to prevent the outflow of user/corporate data. Our company Wedge Networks has been working towards solutions such as these for years, to prevent the good things from flowing out and the bad things from coming in.

By: First_Switch_Off_the_Device

First_Switch_Off_the_Device — Fri, 26 Aug 2011 04:55:39 +0000

Before I charge my HTC smartphone, I switch off the device. Plugging it into any computer USB socket, I do not see any data transfer at all.

Honestly, I don’t see how a dead phone can transfer data. Are these security and other IT professionals unable to switch off their phones before charging them?

By: Jane

Jane — Thu, 25 Aug 2011 18:03:25 +0000

Thanks for the warning! I never would have thought of that, and I’m afraid it will be difficult to find out before taking the phone home.

By: Teri

Teri — Wed, 24 Aug 2011 23:14:06 +0000

This makes me glad I have two auxiliary chargers that have USB attachments. I can charge them on a kiosk w/o putting my data at risk.

By: maddogg

maddogg — Tue, 23 Aug 2011 18:03:35 +0000

How smart would your phone be after that kiosk supplies 120VAC to it?

By: David Bradley

David Bradley — Tue, 23 Aug 2011 15:32:48 +0000

“The safest route for charging your device on-the-go is to use the supplied power cord that plugs into a regular electrical outlet”

How could you be sure it wasn’t running a powerline network?

By: Anon

Anon — Mon, 22 Aug 2011 21:43:33 +0000

Thanks for your reply.

My smartphone runs Android 2.1 and when I connect it to my computer a screen comes up on my phone asking me whether I want to charge the phone or transfer files. If I simply choose to charge the phone, the phone doesn’t show up in My Computer and therefore you can’t view or modify its data. I’d guess that most Android phones would exhibit similar behaviour. You have to mount the phone (sdcard) in order to read or write.

However your article had me thinking that it is possible to somehow read data simply by charging the phone, as if the phone would expose information even if it is simply charging. Perhaps it is not the case then.

By: hans

hans — Mon, 22 Aug 2011 17:13:03 +0000

where is the problem?

By: hans

hans — Mon, 22 Aug 2011 17:11:39 +0000

use this : http://www.amazon.de/Hama-GmbH-Co-00034041-Verl%C3%A4ngerungs-Station/dp/B0009N8MR6/ref=sr_1_5?ie=UTF8&s=ce-de&qid=1237642532&sr=8-5

you can switch off the data connection !

only charge !

By: Brian Krebs

Brian Krebs — Mon, 22 Aug 2011 16:57:57 +0000

Don’t know which ones. I can tell you that the iPhone appears to be. But I don’t have a range of cell phones to try this with.

You can find out if your phone may be vulnerable. Plug it in to a USB charger and see what comes up on the computer. If it prompts you to view the files without any kind of password, then chance are that device would be vulnerable.

If you do such research, maybe post your findings as a comment here? Thanks.