{
	"id": "d1b82ca3-6e18-48d1-9160-8a2c82f43a69",
	"created_at": "2026-04-06T00:14:27.794452Z",
	"updated_at": "2026-04-10T03:24:29.153573Z",
	"deleted_at": null,
	"sha1_hash": "a044341c50a75a79edb5facab60330d1f4f157e5",
	"title": "Beware of Juice-Jacking",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 133688,
	"plain_text": "Beware of Juice-Jacking\r\nPublished: 2011-08-22 · Archived: 2026-04-05 21:12:59 UTC\r\nYou’re out and about, and your smartphone’s battery is about to die. Maybe you’re at an airport, hotel, or shopping\r\nmall. You don’t have the power cable needed to charge the device, but you do have a USB cord that can supply the\r\nneeded juice. Then you spot an oasis: A free charging kiosk. Do you hesitate before connecting your phone to this\r\nunknown device that could be configured to read most of the data on your phone, and perhaps even upload\r\nmalware?\r\nA DefCon attendee using the charging kiosk.\r\nThe answer, for most folks, is probably not. The few people I’ve asked while researching this story said they use\r\nthese charging kiosks all the time (usually while on travel), but then said they’d think twice next time after I\r\nmentioned the possible security ramifications of doing so. Everyone I asked was a security professional.\r\nGranted, a charging kiosk at an airport may be less suspect than, say, a slightly sketchy-looking tower of power\r\nstationed at DefCon, a massive hacker conference held each year in Las Vegas. At a conference where attendees\r\nare warned to stay off the wireless networks and avoid using the local ATMs, one might expect that security\r\nexperts and enthusiasts would avoid using random power stations.\r\nBut some people will brave nearly any risk to power up their mobiles. In the three and a half days of this year’s\r\nDefCon, at least 360 attendees plugged their smartphones into the charging kiosk built by the same guys who run\r\nthe infamous Wall of Sheep, a public shaming exercise at DefCon aimed at educating people about the dangers of\r\nsending email and other online communications over open wireless networks.\r\nhttp://krebsonsecurity.com/2011/08/beware-of-juice-jacking/\r\nPage 1 of 3\n\nBrian Markus, president of Aires Security, said he and fellow researchers Joseph\r\nMlodzianowski and Robert Rowley built the charging kiosk to educate attendees about the potential perils of\r\njuicing up at random power stations. Markus explains the motivation behind the experiment:\r\n“We’d been talking about how dangerous these charging stations could be. Most smartphones are configured to\r\njust connect and dump off data,” Markus said. “Anyone who had an inclination to could put a system inside of one\r\nof these kiosks that when someone connects their phone can suck down all of the photos and data, or write\r\nmalware to the device.”\r\nTo make their charging station more attractive to passersby, Markus and his pals equipped it with a variety of\r\ncharging cables to fit the most popular wireless devices. When no device was connected, the LCD screen fitted\r\ninto the charging station displayed a blue image with the words “Free Cell Phone Charging Kiosk.” The screen\r\nswitched to a red warning sign when users plugged in any devices. The warning message read:\r\n“You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded\r\nwithout your consent. Luckily for you, this station has taken the ethical route and your data is safe.\r\nEnjoy the free charge!”\r\nMarkus said the comments from those who chose to juice up their phones at the kiosk were the most rewarding\r\npart of the project.\r\nhttp://krebsonsecurity.com/2011/08/beware-of-juice-jacking/\r\nPage 2 of 3\n\n“One guy that clearly seemed stressed and in a hurry to get\r\nhis phone topped off said, ‘I don’t care, take my data, I need my phone charged to make a phone call!'” Others\r\nsaid they planned to wipe their phones after leaving the hacker conference anyway.\r\n“One attendee claimed his phone had USB transfer off and he would be fine.  When he plugged in, it instantly\r\nwent into USB transfer mode,” Markus recalls.  “He then sheepishly said,  ‘Guess that setting doesn’t work.'”\r\nAnother DefCon attendee remarked, “This freaked my boss out so much he sent an email across the entire\r\ncompany stating employees are now required to bring power cables and/or extra batteries on travel, and no longer\r\nallowed to use charging kiosks for smart devices in open public areas.”\r\nInside the charging kiosk.\r\nThe safest route for charging your device on-the-go is to use the supplied power cord that plugs into a regular\r\nelectrical outlet (assuming you can find an available outlet). Battery-powered mobile charging devices also work\r\nwell in a pinch and are available at many airports. If you must use a random charging kiosk, the safest option may\r\nbe to completely power off the device before plugging it in.\r\n“One thing we discovered: On certain devices, if you power them completely off, then charge them, they don’t\r\nexpose the data,” Markus said.\r\nSource: http://krebsonsecurity.com/2011/08/beware-of-juice-jacking/\r\nhttp://krebsonsecurity.com/2011/08/beware-of-juice-jacking/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"http://krebsonsecurity.com/2011/08/beware-of-juice-jacking/"
	],
	"report_names": [
		"beware-of-juice-jacking"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434467,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a044341c50a75a79edb5facab60330d1f4f157e5.pdf",
		"text": "https://archive.orkl.eu/a044341c50a75a79edb5facab60330d1f4f157e5.txt",
		"img": "https://archive.orkl.eu/a044341c50a75a79edb5facab60330d1f4f157e5.jpg"
	}
}