Six Colors
Six Colors

by Jason Snell & Dan Moren

This Week's Sponsor

End users aren't your enemy! Kolide gets users to fix their own device compliance problems–and unsecure devices can't log in. Click here to learn how.

by Dan Moren

The juice jacking isn’t worth the squeeze

Are Technica’s Dan Goodin throws cold water on recent warnings about “juice jacking” (i.e. devices being compromised by being plugged into public USB charging ports):

The problem with the warnings coming out of the FCC and FBI is that they divert attention away from bigger security threats, such as weak passwords and the failure to install security updates. They create unneeded anxiety and inconvenience that run the risk of people simply giving up trying to be secure.

I admit, I’ve been wary of public charging stations for the last several years, but Goodin’s thorough breakdown explains why this kind of exploit—though technically feasible—is extremely difficult to pull off. Most importantly, he points out that there have been zero documented cases of juice jacking ever having happened outside of proof of concepts demonstrated by security researchers.

There are a lot of these kind of exploits that get shown off by researchers, and that’s good, because it encourages device makers to continually improve their security. But they also tend to be stories that are ripe for scaremongering because they garner a lot of attention and get shared and amplified without actual understanding.

In short: your public USB charging port is probably fine. But it’s never a bad idea to carry your own charger and cable, for convenience if nothing else.

—Linked by Dan Moren

Search Six Colors