Juice Jacking

While traveling is not as prevalent as it was before COVID-19, we remain mobile. That means you can still run out of juice while away from the office.

Did you know that using a charging port, borrowing a cable, or relying on someone else’s external battery can put your smartphone, tablet, or laptop at risk?

The problem is malware: hackers take advantage of USB connections to hide and deliver secret data payloads over a connection that a user might think was only transferring electrical power. This is called “juice jacking.” Its visual counterpart, known as “video jacking,” occurs when a hacker records and mirrors the screen of a device that was plugged in for a charge.

Protect Yourself from Data Theft

The FBI recommends:

Do | Don’t
Use AC power outlets to charge devices | Use USB charging stations in public places
Buy only from trusted suppliers | Avoid cheap deals and free giveaways
Bring your own car charger | Don’t borrow car chargers
Bring your own USB cables | Don’t use someone else’s
Bring your own AC or battery backup | No borrowing!

FBI TECH TUESDAY

Best Practices

  • Consider buying a charging-only cable, which prevents data from being sent or received while charging.
  • Discard any free USB cables, chargers, adapters, or similar accessories that you received as a promotional item. They are too risky, warns the FBI. Microcontrollers and electronic parts have become so small these days that criminals can hide mini-computers and malware inside a USB cable itself.  
  • As we move into the holiday season, you may be tempted to buy cheap electronic accessories as stocking stuffers or gifts. Please think twice. Consider the source and the manufacturer when making your purchases. Proprietary cables, chargers, adapters, docks, or battery backups often feel like they cost more than they should. (Pssst … Are you listening, Apple?) But imagine what you’d spend trying to recover from data theft and fraud if a hacker gained access to your device. It isn’t worth it.

There’s another good reason to buy genuine electronic accessories from the manufacturer. They prolong the life of your device by charging it properly and completely.

As an example, the charging cables for your iPhone and iPad are not identical. The same is true of Samsung devices. I’m not saying that switching out proprietary chargers among your devices won’t work. I am saying that doing so is not optimal. And that’s within the same device manufacturer ….

Before we had to worry about juice jacking, I fell down the path of cheapie chargers. I learned quickly that I was wasting my money. If you don’t believe me, just Google “why cheap charging accessories don’t work,” to see pages of posts and warnings.

Better safe than sorry.

All Rights Reserved 2020 Beverly Michaelis

Ethics of Disaster Recovery and Data Breaches

Coming December 10 at 1:00 pm Eastern, 10:00 am Pacific – a lawyer’s ethical duties in responding to disasters and data breaches. Featuring ABA Formal Opinion 483: Lawyers’ Obligations After an Electronic Data Breach or Cyberattack and Formal Opinion 482: Ethical Obligations Related to Disasters (2018).

This session will offer real-life examples on how to recover from a disaster or a data breach — ethically.

Disasters and data breaches bring with them conflicting priorities to resolve. Duties of disclosure compete with those of confidentiality for your attention. The responsibility to provide legal services for which your clients have contracted may be adversely affected by disaster. Model Rules 1.4 and 1.6 provide the standards and the recent ABA opinions flesh out your ethical duties in the event of a disaster (natural or man-made) or a data breach (which is of course a very specific form of a disaster!).

Join our panel of experts as they guide you through these opinions with practical examples of how best to ensure you and your clients are protected in the face of this new world and all it has to throw at you.

This is a free CLE for ABA members. Register here.

All Rights Reserved 2019 Beverly Michaelis

Cybercrime: An Ongoing Threat to Law Firms

In the most recent issue of Law Practice Today, Sheri Davidoff describes how hackers exploit weak security measures to steal from you and your clients. The most common targets: your email, logins, and files.

Email hacks

Once a hacker gains access to your email, he or she may download your entire mailbox, set up a rule to forward your messages to their account, or use email content to begin victimizing clients.

Preventive steps

Use proper passwords

Pass phrases (sentences) are the best. Otherwise, choose passwords at least 14 characters in length which contain symbols and numbers. It is critical to create unique pass phrases or words for each login to limit the scope of a security breach. Do not share them. Do not write them on sticky notes posted to your monitor. A password manager can make the job easier.

Turn on two-factor authentication

This sounds fancy, and if you’re not familiar with it, intimidating. It is neither. Log in as usual, have your smartphone or cell phone handy, and enter the code texted to you to complete your login. It’s that easy.

Biometrics

You can use your face or your fingerprint to log in if your device or software supports it. A quick Google search generates pages of “pros and cons” posts, which I will avoid repeating here.

Limit substantive content in email

Consider limiting what you say by email when the information is sensitive. Pick up the phone or send the client a message prompting them to log in to your secure client portal instead. As Davidoff points out in her post, “Hackers commonly search your correspondence for ongoing conversations of interest—such as a real estate purchase or other upcoming financial transaction. Then, they actively monitor these conversations to maximize their ability to intercept a payment.”

Malware and ransomware abound

The most likely way to get infected with malware or ransomware is to click on a suspicious attachment or link. Use common sense before you click and if in doubt: don’t! Even if the message appears to come from a trusted source. Pick up the phone or compose a new message and ask the sender if he/she sent the email. (Don’t ask by forwarding the suspicious message – you are only spreading the threat.)

The US Department of Homeland Security has valuable tips on combating malware and ransomware. Also, take a few minutes and peruse the resources available at the ABA Law Practice Division (search: “malware”) or check out the Professional Liability Fund CLE, Data Security/Data Breach: What Every Lawyer Needs to Know to Protect Client Information.

All Rights Reserved 2019 Beverly Michaelis