Juice jacking

The goal of the attack is to either install malware on the device, or to surreptitiously copy potentially sensitive data.

This framework included examples and proof of concepts that would allow attackers to unlock locked phones, steal data from a phone including authentication keys granting the attacker access to the target device owner's Google Account.

[7][8] Their presentation on this attack mentions that a cellphone or tablet device charging on an infected computer would be one of the simplest method of propagating the BadUSB vulnerability.

[13] The Wall of Sheep researchers, including Brian Markus, Joseph Mlodzianowski and Robert Rowley, designed the kiosk as an information tool to bring awareness of the potential attack vector and they have discussed, but not publicly released, tools to perform malicious actions on the charging devices.

[14] In late 2012, a document was released by the National Security Agency (NSA) warning government employees who travel about the threat of juice jacking.

[15][16] The Android Hackers Handbook released in March 2014 has dedicated sections discussing both juice jacking and the ADB-P2P framework.

[20] On April 6, 2023, the FBI Denver X.com account published a warning that "bad actors have figured out ways to use public USB ports ..."[21] as if the attack vector were novel.

"[22] This update, along with tweets on April 11 gave credence to social media posts and internet news articles that spread the information as fact.

Apple's iOS has taken multiple security measures to reduce the attack surface over USB including no longer allowing the device to automatically mount as a hard drive when plugged in over USB, as well as release security patches for vulnerabilities such as those exploited by Mactans.