ICT Today

ICT Today July_August_September 19

Issue link: https://www.e-digitaleditions.com/i/1132978

July/August/September 2019

From the President, Jeff Beavers, RCDD, OSP, CFHP

"JUICE JACKING" PUTS THE SQUEEZE ON PRIVATE DATA

Physical security and cybersecurity are becoming similar to the blurred lines of voice and data. With the advent of IP-based technologies, physical and cybersecurity now go hand in hand.

The term "belt and suspenders" is a metaphorical idiom meaning that a person or enterprise wearing both a belt and suspenders is very, if not overly, cautious. A belt and suspenders achieve the same task—to hold up pants. As the saying goes, "just because I'm paranoid doesn't mean they are not out to get me." In other words, just because I am wearing a belt, it does not mean it still cannot fail its task. In technical terms, the suspenders can be redundant and/or diverse. The belt provides the mission critical role of holding up the pants. The suspenders offer some level of operational resilience. The belt and suspenders are the physical security; cybersecurity assures that pictures of wardrobe malfunctions from failing belts and suspenders do not find their way to the internet.

"Juice jacking," a term I have read about recently, is a form of cyberattack in which hackers secretly modify a USB port to install viruses or inject code to gain access to personal or sensitive corporate data. The proliferation of public device charging stations at airports, business centers, hotel lobbies or other public places opens a plethora of opportunities for juice jacking hackers. People often forget that their smartphones are actually computers. Convenience for the technology consumer in a data driven world introduces another risk.

The codes we follow, such as the National Electrical Code (NEC), do not explain the wrong ways to perform tasks, only the proper ways. The wrong ways would be innumerable otherwise, as humans are too creative with the wrong ways of accomplishing tasks, and there is no end to the creativity of some humans when it comes to nefarious activities.

The USB connection is one example that people and codes have given little thought to as a source for cyber threats. USB cables permit the supply of power and data simultaneously. When the USB port is used to charge a phone's battery, hackers utilize the data stream while the device is charging. Cybersecurity researchers claim that it takes less than a minute to gain full access to the electronic device and retrieve photos and contact information. Many electronic devices are configured to dump their data when making a connection with a USB cord. Even if the user attempts to manually disable the USB transfer mode by selecting the charge only option, the device is predisposed to transfer the data whereby the hacker establishes a trusted relationship with the device." 1

Even a cord left behind by an opportunistic data thief leaves a person or enterprise vulnerable. You may have scored a free, innocent-looking Apple Lightning cable, but the moment it is plugged into the device, an extra chip that deploys malware begins accessing data.

"The 2019 IBM X-Force Threat Intelligence Index reveals that the transportation industry has become a priority target for cybercriminals as the second-most attacked industry—up from tenth in 2017. Since January 2018, 566 million records from the travel and transportation industry have been leaked or compromised in publicly reported breaches." 2

Like many BICSI members, I spend much time traveling. Now, I realize that many airports, despite how strong their belts, suspenders, and cybersecurity are, have failed at the task of stopping much of the juice jacking. However, we can tighten our own belts and suspenders by refusing to drink the "juice" and practicing smart security measures, such as using your own power adapter or portable power bank, or purchasing an inexpensive juice jack-defense product.

Furthermore, we need to practice our own cybersecurity by being aware of USB cables and anything that plugs into mobile devices or computers at work, home, and public places.

Where is that lock box when we need it?—the lock box promised during the 2000 presidential campaign that ensured our Social Security funds would always be there.

We are in an era of exponential technology growth. The risks in a data driven world are increasing exponentially—so too are the methods, processes and equipment to protect it and us.

Be safe; someone is counting on you.

REFERENCES:

1. Danley, Chuck, Juice Jacking: USB as an Attack Vector, Jul 3, 2017, Leaderquest. https://www.leaderquestonline.com/blog/juice-jacking-usb-attack-vector/

2. Kelleher, Suzanne R. Why You Should Never Use Airport USB Charging Stations, May 21, 2019, Forbes. https://www.forbes.com/sites/suzannerowankelleher/2019/05/21/why-you-should-never-use-airport-usb-charging-stations/#324eba9b5955
