Project for Privacy and Surveillance Accountability (PPSA)

 NEWS & UPDATES

FBI Warning About “Juice-Jacking” Presages Bigger Threats Ahead

4/13/2023

 
We’ve reported on robust, zero-click malware like Pegasus and Reign that state actors and criminal syndicates can use to transform your smartphone into a 24/7 surveillance device. These infiltrations don’t require you to make a single click or take any action, but lower-tech threats to privacy are proliferating from users’ interactions with mundane sources as well.
 
The FBI is now warning Americans to avoid using free charging stations in airports, hotels, and shopping centers. The Bureau reports that bad actors can use charging stations to infiltrate devices, installing malware or monitoring software to remotely steal your data.
 
By connecting your device to a public charging station, you could be vulnerable to “juice jacking,” malware that hijacks your charging cable during a charge. With malware and other cybersecurity threats installed onto a charging station, you could import them directly into your phone without ever knowing.
 
Smartphones and devices with the latest security updates might be fine, but hackers can continually modify their malware programs to evade detection. Juice jacking is just one way that hackers can hit your devices. A device’s defenses against these vulnerabilities are only as good as its most recent software update, so a phone that hasn’t been updated in weeks or months is especially open to attack.
 
While low-level malware attacks pose a significant risk to cybersecurity, they could be overtaken by far more powerful zero-click attacks that require no action on the victim’s part. The vector of these attacks can be global.
 
NSO Group’s Pegasus and QuaDream’s Reign are zero-click attacks that overcome the need to trick a user into taking an action. Pegasus can infiltrate a smartphone, reading text messages, tracking calls, collecting passwords, tracking location, accessing the device's microphone and camera, and harvesting information from apps. This technology is frightening because Pegasus or Reign can be installed remotely on smartphones even with the most up-to-date security software, all without the user ever touching their devices.
 
If bad actors using malware to infiltrate public charging stations to infect older device models is the Covid of malware, then a fully commercialized Pegasus or Reign would be more like the Black Plague. While Americans who are traveling can prevent attacks by bringing their own battery charger, nothing at present could prevent the epidemic if zero-click attacks proliferate in the wild.
 
Tech companies are in a continuous arms race with hackers and malware developers. The best thing you can do now is to regularly update your software and avoid public charging stations as if they were dirty bathrooms.
