No announcement yet.

Juice jacking detection - Security auditing USB3 charging stations

  • Filter
  • Time
  • Show
Clear All
new posts

  • Juice jacking detection - Security auditing USB3 charging stations

    Passmark's USB3.0 test plug now supports detection of "juice jacking" USB charging stations.

    Juice jacking is a term coined by researchers back in 2011, for when a USB charging port has been compromised in such as way to steal your data, or infect your phone or other device, or record video from the screen.

    Public USB charging stations are found in places like cafes, airports, planes, conference centers and many other locations. In theory they should only provide power, but they can be setup to also surreptitiously read data from your device.

    While it is possible to prevent jacking using a non standard USB cable with only the power wires connected this has a number of downsides. Including,
    • USB power negotiation won't work. So your device may charge slower than expected.
    • The solution is no good for auditing which ports are safe and which aren't.
    • You need to carry around a special cable (or Syncstop style dongle);

    Starting from Firmware version V2.5 (4 October 2017), the Passmark's USB3.0 test plug will now report on USB enumeration attempts from USB charging ports. This allows auditing of ports to determine which ports are dumb chargers and which ports are something more.

    Note: The current hardware production run (mid 2017) has firmware version V2.4, so a manual firmware update is required to get this feature.

  • #2
    More details of the auditing feature and the text displayed on the LCD screen can be found on the USB security auditing page.