
Wednesday, August 27, 2025

Juice Jacking: Real Threat or just Fear Mongering?

 

Juice jacking refers to malicious activity through USB charging ports or unfamiliar USB cables in public places that can result in malware injection or data theft. The threat is real and has been demonstrated by security researchers. Devices like the O.MG cable, available online for under $200, are specifically designed to exploit this attack vector by emulating HID class devices and silently injecting keystrokes without any involvement from the OS or the user.

However, this attack is extremely rare and almost always used in targeted scenarios. The odds of an average user being victimized by it are lower than the odds of being struck by lightning 😃. For the attack to succeed, the attacker must be physically close, within Wi-Fi range of the embedded chip inside the malicious cable, or the device must be able to connect to an attacker-controlled access point to extend the reach. It also depends on tricking the device into joining the access point it creates. Most public charging stations are simply power sources. Even when data lines are present, some platforms like iOS have built-in restrictions that make exploitation difficult. Unfortunately, most popular operating systems such as macOS, Android, Windows, and Linux all trust HID class devices by default, which means a malicious cable could execute commands immediately without any consent from the user or the operating system.

In summary, for an average person, juice jacking is not a practical concern. The hype surrounding it often borders on sensationalism. If you are concerned, avoid the paranoia and use a data blocker. Alternatively, as shown in the picture below, you can modify a regular USB cable by cutting the green and white data lines and leaving only the red and black power lines intact, then taping it all back together. This is essentially what a data blocker does. It is a simple and effective solution that gives you control, rather than relying on the operating system or trusting the power source or a third-party data blocker to protect your device.



Stay Informed and Safe Online
If you enjoyed this blog, you'll find many more cybersecurity related microblogs at link below. They offer valuable insights to help you stay informed and safe online. Explore them at https://blog.selvansoft.com

Sunday, June 22, 2025

Pwned Perspective: Understanding email/password leaks without the panic


Lately, there’s been a wave of panic on social media about email and password leaks. This blog aims to highlight why it’s not the end of the world, how common these incidents are, and how understanding the facts can help you not only stay safer online but also avoid unnecessary panic. As the title suggests, this blog focuses solely on leaked login credentials (i.e., usernames, emails, and passwords) and does not cover data breaches involving PII (SSN, DOB, DL, name/address, etc.). If you’re affected by that kind of breach, freeze your credit file immediately by following this link.

Chances are, your email and passwords have been exposed in one of numerous past breaches; it's an established reality, not an assumption. Services like Have I Been Pwned (HIBP) collect this leaked data so you can check whether your credentials have surfaced on the dark web. 

But don’t panic. Most people don't know that a pwned password is not your actual password in plain text, but a hashed version. Although there have been a few rare incidents where passwords were leaked in plain text, that’s uncommon, so you can assume pretty much all breached passwords are hashed and require cracking to become usable. If your password is long, strong, and includes special characters, numbers, etc., it becomes impractical and nearly impossible to crack without powerful computing resources, and it may take days, weeks, or even months or years to crack depending on the complexity of the password. Hackers don’t have that kind of time and skip these in favor of easier, crackable passwords. Also, if the affected account has two-factor authentication (2FA) enabled, your exposure is minimal. Still, treat it as a heads-up.

In summary, if your passwords are strong and unique and you had 2FA enabled, you can safely assume you are fine. In any case, make sure you do the following:
  • Change your passwords immediately, especially if reused
  • Enable 2FA wherever possible, preferably using an authenticator app that generates OTP instead of SMS-based verification
  • Always use strong and unique passwords or preferably use passphrases
It’s not about fear; it’s about stacking the odds in your favor. Hackers aren’t chasing hard battles; they want quick wins. Don’t be the easy one!



Thursday, January 18, 2024

Is your computer compromised?


Easy way to check if your computer is/was compromised now or in the past

With the recent addition of the Naz.API dataset (a massive collection of over 1 billion stolen usernames and passwords) to the HIBP service ("Have I Been Pwned", a service by troyhunt.com), it is now very easy to check if your computer is compromised by information-stealing malware now or was in the past.

Go to the HIBP service at https://haveibeenpwned.com, enter your e-mail (don’t worry, it is 100% safe), and check the search results. The results may span several pages, so make sure to scroll down and check all the breaches in which your email is listed as compromised. Keep in mind that it is not at all unusual to see your email show up in multiple breaches. For example, see the screenshot below of my own email search.


As you scroll through the list, check if your email is listed for Naz.API. If your email was one of the unfortunate ones to be included in the Naz.API list, it is a clear indication that your computer is, or in the past was, compromised and information was stolen. The very least you can do is to make sure your current password is not included in the list. There are a couple of ways you can check. I know some password managers, 1Password for example, can check all your passwords against the HIBP database. If you don’t use any tools that support checking your password in the HIBP database, you are welcome to use my PHP script at my GitHub repo below, which does the same thing. The only caveat is that it checks one password at a time against the HIBP database, so you have to repeat that for all your passwords.

How to run: If you are on a Mac or Linux, you can run the script directly with the two commands shown below. If you are on Windows, you have to install PHP, curl, etc. first, which is beyond the scope of this blog.

curl -s https://raw.githubusercontent.com/aselvan/scripts/master/security/pwned_password.php -o /tmp/pwned_password.php
php /tmp/pwned_password.php

If you are unfortunate enough to have your password listed in HIBP according to the tools (1Password, my script, or any others that check your password against HIBP), and it is any of your current passwords, change it ASAP and enable 2FA if that’s not already in place. If your current password is not found, it means an old password you used in the past was compromised. Still, it is a good idea to change all your passwords ASAP.

If you use more than one email address now or in the past, repeat this for each e-mail.
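
An added example, not the pwned_password.php script referenced above: one way to run the same kind of password check in Python against the Pwned Passwords range API, which receives only the first five characters of the password's SHA-1 hash. It goes beyond the one-at-a-time check by taking a list of passwords; the function names are this example's own, and the sample response with its counts is constructed.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # HIBP Pwned Passwords range API
HEADERS = {"User-Agent": "pwned-check-example", "Add-Padding": "true"}

def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def count_in_range(body, suffix):
    """Find our suffix in a range response made of 'SUFFIX:COUNT' lines."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padding entries carry a count of 0
    return 0

def fetch_range(prefix):
    """Live lookup: only the 5-character prefix ever leaves this machine."""
    req = urllib.request.Request(RANGE_URL + prefix, headers=HEADERS)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def check_passwords(passwords, fetch=fetch_range):
    """Return {password: times seen in breaches}, one range query per prefix."""
    cache, results = {}, {}
    for pw in passwords:
        prefix, suffix = sha1_split(pw)
        if prefix not in cache:
            cache[prefix] = fetch(prefix)
        results[pw] = count_in_range(cache[prefix], suffix)
    return results

def demo():
    """Offline run against one constructed response (all counts are made up)."""
    _, hit = sha1_split("password")
    _, padded = sha1_split("correct horse battery staple")
    body = "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:3",  # constructed filler line
        hit + ":42",                               # constructed breach count
        padded + ":0",                             # padding entry, not a real hit
    ])
    names = ["password", "correct horse battery staple", "unlisted-example"]
    return check_passwords(names, fetch=lambda prefix: body)

if __name__ == "__main__":
    print(demo())
```

Calling `check_passwords([...])` without the `fetch` argument performs the live lookup; a result of 0 means the password was not found in the range response.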

Further details can be found at the following links
