iOS and Android juice jacking defenses have been trivial to bypass for years
A decade ago, Apple and Google introduced safeguards in iOS and Android to protect against "juice jacking," an attack in which a compromised charging station steals data from, or executes malicious code on, a device plugged into it. However, researchers have now disclosed that these protections contained a fundamental flaw, making them easy to bypass for years.
Juice jacking, first demonstrated at Defcon in 2011, involves modified chargers that secretly access files or run harmful code when users plug in their devices. Attackers often place these rigged chargers in high-traffic public areas like airports and malls, exploiting unsuspecting users. Both Apple and Google attempted to counter this threat by requiring user confirmation before allowing data access, but these measures proved ineffective.
The failure of these defenses highlights ongoing risks in public charging scenarios. Despite efforts to secure mobile devices, attackers have continued to exploit this vulnerability, underscoring the need for more robust protections.