AMIT Kumar Mishra was in Central Delhi’s Connaught Place for a reunion when his iPhone vibrated in his jeans pocket. It wasn’t a text. A ‘low battery’ caution had popped up on the screen. The 39-year-old plugged into a nearby free USB power charging station.
The party was to be spoilt soon. “I received a message that Rs 50,000 has been debited from my bank account, though I had not made any such transaction,” he said.
Fashion designing student Sushmita Purohit, who often visits South Delhi’s Khan Market, was also shocked when objectionable content had been posted on her social media pages – without her knowledge.
Both approached the Delhi Police’s anti-cybercrime cell that suspects when they used public cords, their phones were hacked.
They are two of the many victims of a rising criminal phenomenon known as juice jacking, said police sources. “As these ports aren’t monitored, they can be easily tampered with. Inside that tempting cord is an extra chip that deploys hidden malware on your phone to download information without your knowledge. One must be aware that these cords are also designed to transfer data, not just power,” said an official.
Scammers are doing this mainly at the airport and shopping hotspots such as Connaught Place and Khan Market or tourist destinations to steal bank details and other sensitive information, for blackmailing, said police sources.
“Hackers can access text messages, photos, videos, e-mails, locations, notes, contact details and, more importantly, they can take screenshots every five seconds,” said Muktesh Chandra, Special Commissioner of Police (Operations).
Chandra has a thorough knowledge of cybersecurity. He recently went abroad to study the subject. “The Internet offers unprecedented anonymity to criminals and it becomes difficult for us to detect illegal financial transactions. We require certainty and severity of punishment to control such cybercrimes,” he said.
He also has pieces of advice. “Bring a regular charger along and plug it into a wall outlet. Or carry a portable power bank. You must also avoid cables that look left in USB ports by other people. There’s the tech that you can use. It lets you charge your phone but stops any malware download data theft,” Chandra said.
Cops scramble to figure out how to secure these phone charging points
Researchers at security firm Kaspersky Labs have also found that they could install a third-party application, like a virus, onto a smartphone via its USB cable connection to a computer in three minutes.
IBN X-FORCE’s survey says the transportation industry became the second-most attacked sector in 2018 – from 10th a year before.
In a news report, Caleb Barlow, vice president of X-Force Threat Intelligence at IBM Security, was quoted as saying: “Plugging into a public USB port is like finding a toothbrush on the side of the road and deciding to stick it in your mouth. You have no idea where that thing has been. And remember, that USB port can pass data.”
Barlow says it’s smart to worry about public USB power stations. A growing number of nation-state hackers are now training their sights on travellers, according to new research from IBM Security.
Since January 2018, 566 million records from the travel and transportation industry have been leaked or compromised in publicly reported breaches.
Cyber expert Mohit Yadav demonstrated to this reporter how hacking is done. “It is very much possible that Amit and Sushmita fell prey to juice jacking,” he said.
Another cyber expert, Gautam Kumawat, said several cables are available in the market that can copy all your data while you have put your phone on charge.
Some cases have been reported from NCR as well
The Delhi Police are now trying to figure out the problem and find a solution, said sources. “We’re trying to find out how to secure these phone charging points,” said an official.
New Delhi Municipal Council (NDMC) officials who have installed free phone charging kiosks in CP, said they are unaware about hacking as there are companies looking after the operations. “But if any such activities are taking place, we will definitely seek help from experts to come up with a security feature,” said an official.
Juice jacking cases are also being reported from NCR. A 24-year-old student of a private college in Noida was stalked and blackmailed by a person who had hacked her phone. Cops are suspecting hacking was done when she used an anonymous charger.
“The hacker copied all her personal photographs and chats. She approached the police this month,” said a cyber expert.
Similarly, Prashant Ahuja’s net banking password was changed and hackers tried to make online transactions but failed due to several security features.
“I got a text message that my net banking password has been changed. I was shocked. I immediately called the bank. Later, it emerged that my phone was hacked, possibly when I used a free USB charging port,” he said.