Keep Your Phone Safe From Juice Jacking With a Data Blocker

Keep Your Phone Safe From Juice Jacking With a Data Blocker
Image: iStock/hsyncoban
At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW - prices are accurate and items in stock at the time of posting.

Realising that your phone’s battery is about to die and you don’t have anything you can use to charge it has become one of the more frustrating parts of modern life. It’s something that happens to even the best of us, you forget to plug in your phone overnight or we don’t bring along our handy power bank.

If you’ve found yourself out and about, and in desperate need of a recharge, you might look for some form of publicly accessible charger that you can quickly plug into to get your battery out of the red. Problem solved, right?

While it might just solve your temporary power problem you could be asking for a completely different set of headaches. If the charging cable you’re connecting to is compromised, you could be unknowingly damaging your phone or giving third-party access to your data.

An attack like this is known as “juice jacking“, and involves using the data connectors in most USB cables to access your files, and potentially modify or copy them without you realising.

If you’re someone who frequently uses public chargers and you’re intent on keeping your phone as secure as possible, the easiest way to avoid getting juiced jacked is to use a data blocking USB device.

How does a power cable take my data?

The fundamentals of this kind of attack rest on the fact that most – but not all – USB cables include not only connectivity for transmitting power, but also channels for data to flow through. That’s why you can safely plug your smartphone into your computer and shuffle files to and fro, or perform a backup of your vital files when you’re at home or in the office, after all.

When you’re using your own charger, your own cable and your own phone, you’re in full control of the entire transaction, but when you step outside and use any other charger, you’re trusting that it’s not in any way compromised.

It’s certainly technically possible to build a system that looks just like a public charging station but is actually designed to slurp up the data of connected devices, and that’s been a thing since at least 2011. Here’s a video from 2012 showing a proof of concept of the idea, so it’s very much not a new idea.

How real is the threat of juice jacking?

This is where it gets tricky. While it’s an established concept that doesn’t take much technical nous to implement, documented cases aren’t terribly easy to track down, even if some authorities have highlighted the potential risks, both locally and internationally. There have been some reported cases of it happening in the wild, like this story from India, but it’s not a massive threat in absolute terms.

It’s also a scam that has been at least partially mitigated over the years by the way that both Android and iOS treat connected cables with live data connections.

Plug a modern Android phone into an unknown device and the standard default is to charge only, with users having to select to transfer data or photos through a drop-down menu. Apple’s iOS is even more explicit, asking for “trust” in a connected computer, which is likely to make you think when you’ve only plugged in to boost your iPhone’s battery in the first place.

That’s only true of newer devices, however. If you’re using a much older smartphone, it may treat every connection as friendly – but then you’d also be some years out of software updates for it to help as well.

This is also not to say that it has never happened or couldn’t. If you’d altered your default phone behaviour for convenience’s sake, or accidentally tapped on the permission dialogue box without realising it, you could potentially put your phone and personal data at risk. Smartphones are a rich source of valuable personal ID, and that means that smartphone operating systems are constantly being prodded for ways to bypass security, including the checks and balances that help to limit the approach of this kind of attack.

There’s also potential for social engineering aspects to this; if there was a sign that said you had to click some kind of agreement to charge, how many people might do so in return for “free” power?

Still, it is important to note that this is not a huge risk vector in terms of reported cases and losses, relative to other activities you might engage in with your phone and the precious data within it. That’s especially true in 2022 when so few of us are out and about as much as we used to be, and most international travel simply isn’t happening.

What are my data blocker options?

There’s a wide array of devices that promise to protect you from juice jacking, but they all tend to work in the same way, providing an endpoint within their devices for the data channels on any charging point.

Most take the form of either a data-pins-stripped cable – if you’re plugging it directly to a USB-A port – or a dongle that you add to a port or charging cable if you’re not. They’re also generally pretty cheap and quite small, so they’re easy to drop into a pocket or purse if you’re heading out and think you might need them.

To be entirely transparent, we haven’t tested these against an attack rig designed to use this particular attack, but you could assess them pretty easily by using them plugged into your own PC.

If you’re unable to transfer data even when permitted, or your phone never comes up as a drive on your computer, then they’re doing the job as advertised. If the data still flows regardless, then they’re duds and you’re well within your rights under Australian consumer law to seek a refund pronto.

Which data blockers are worth buying?

PortaPow 3rd Gen USB Data Blocker – $11.95

data blocker
Image: PortaPow

Data Blocker, given its distinct red colour. PortaPow claims it’ll even detect your phone type to ensure optimal charging.

Privise Original USB Data Blocker – $23.47

Keep Your Phone Safe From Juice Jacking With a Data Blocker
Image: Privise

Privise makes a range of privacy-centric products, but its USB data blocker is a pretty simple affair that just states that it blocks the data transmission through USB ports – which is exactly what you want out of this kind of gadget.

PortaPow USB-C Data Blocker – $9.95

data blocker
Image: PortaPow

Juice Jacking isn’t new, but a lot of devices presume you’re connecting to an older USB-A type socket. PortaPow’s USB-C adaptor is a small cable that interconnects to USB-C devices, although the manufacturer notes it’s not suitable for protecting laptops from data theft due to the need for those data channels to remain open while charging.

BrexLink Data Blocker – $22.99

Keep Your Phone Safe From Juice Jacking With a Data Blocker
Image: BrexLink

Another USB-A type option, albeit in a less alarming colour that the PortaPow option, and again a simple way to stop the data flow from connected devices if you’re concerned. This pack includes two data blockers, which is handy if you’re someone who regularly misplaces small things.

Editor’s note: Descriptions and features are as taken from manufacturer/seller claims and user reviews on Amazon.