The Nigerian Communications Commission’s Cyber Security Incident Response Team has alerted Nigerians on a method used by cyber attackers to gain unauthorised entry into unsuspecting mobile phone users devices when they charge their mobile phones at public charging stations.
NCC-CSIRT said the method, known as Juice Jacking, is part of two cyber vulnerabilities it identified, the other being Facebook for Android Friend Acceptance Vulnerability, which targets only Android Operating System.
This was disclosed in a statement titled, ‘NCC-CSIRT Identifies Two Cyber Vulnerabilities,’ signed by the Director, Public Affairs, Dr Ikechukwu Adinde.
The statement read in part, “The CSIRT, in its first-ever security advisories less than three months after its creation, has solely identified the two cyber-attacks targeting the consumers and proffer solutions that can help telecom consumers from falling victims to the two cyber vulnerabilities.
“The first is described as Juice Jacking, which can gain access into consumers’ devices when charging mobile phones at public charging stations and it applies to all mobile phones. The other is a Facebook for Android Friend Acceptance Vulnerability, which targets only Android Operating System.
“According to CSIRT security Advisory 0001 released on January 26, 2022, with Juice Jacking, attackers have found a new way to gain unauthorised entry into unsuspecting mobile phone users devices when they charge their mobile phones at public charging stations.
“Many public spaces, restaurants, malls and even in the public trains do offer complementary services to their customers in a bid to enhance customer services, one of which is providing charging ports or sockets.
“However, an attacker can leverage this courtesy to load a payload in the charging station or on the cables they would leave plugged in at the stations.
The NCC-CSIRT, however, proffered solutions to include using ‘charging only USB cable’ to avoid Universal Serial Bus (USB) data connection; using one’s AC charging adaptor in public space; and not granting trust to portable devices prompt for USB data connection.
“Other preventive measures against Juice Jacking include installing Antivirus and updating them to the latest definitions always; keeping mobile devices up to date with the latest patches; using one’s own power bank; keeping mobile phone off when charging in public places; as well as ensuring use of one’s own charger, if one must charge in public.