New USB Scam Alert In India: Why You Should Avoid Public USB Phone Charging Stations
The USB scam in India is specifically concerned with the potential dangers of using public USB charging ports for your electronic devices. It's also known as "juice-jacking." Here's what it is and how to stay safe from USB Charger scams or Juice-Jacking attacks.
USB Scam In India: The Indian Government has issued a warning to smartphone and laptop users regarding the USB Charger scam. According to the latest report by CERT-In (Indian Computer Emergency Response Team), an agency within the Ministry of Electronics and Information Technology, cyber-criminals may exploit USB charging ports installed in public places like airports, cafes, hotels, bus stands, and others for malicious activities.
These infected ports may lead to situations where hackers can trap users in ¡®juice-jacking attacks¡¯ when these USB ports are used to charge devices.
In a post shared on micro-blogging site X (earlier Twitter), the national cybersecurity watchdog has also shared safety tips to prevent users from falling victim to such scams.
What is a USB Scam In India?
The USB scam in India is specifically concerned with the potential dangers of using public USB charging ports for your electronic devices. It's also known as "juice-jacking."
What are Juice-Jacking Attacks?
Juice-jacking is a theorised cyberattack where a public USB charging port is tampered with to steal data or install malware on a device plugged into it. Here's a breakdown of the concept:
The USB Scam Attack Method:
Compromised Charging Port: Attackers can tamper with a public USB charging port (found in airports, train stations, cafes, etc.) by installing hardware or modifying software.
Data Theft or Malware Installation: Once a device is plugged in to charge, instead of simply receiving power, the compromised port might:
Steal Data: The attacker's software could copy sensitive information like contacts, photos, or even login credentials.
Install Malware: Malicious software could be installed on the device, potentially allowing remote access or data exfiltration.
Important Points
Theoretical Risk: While juice-jacking is a possible attack method, there haven't been any confirmed widespread incidents reported. However, it's a good reminder to be cautious when using public charging ports.
Alternative Risks: Even without malicious intent, public USB ports might carry electrical risks or malfunction, potentially damaging your device.
How to Stay Safe:
- Avoid Public USB Ports: Whenever possible, use your wall charger or a portable power bank to charge your device.
- Carry a Charging Cable: Having your cable reduces the need to rely on potentially compromised public ports.
- Only Use Trusted Sources: If necessary to use a public port, try to find one in a well-lit, secure location with CCTV cameras.
- "Charge Only" Mode: Some devices offer a "charge only" mode when connected via USB. This mode restricts data transfer while allowing charging. Enable it if available on your device.
- Security Software: Ensure your device has up-to-date security software to detect and prevent malware infections.
- Keep your smartphone's software updated regularly to safeguard against vulnerabilities.
- Consider charging your phone when it's turned off, if possible.
By following these precautions, you can minimise the risk associated with using public USB charging ports. Remember, it's always better to be safe than sorry when it comes to protecting your data and devices.
If you've fallen victim to the USB Charging Scam, report it immediately. You can call 1930 or report a Cyber fraud Incident at https://www.cybercrime.gov.in.