Skip to content

Cyber-attacks: How to avoid Juice Jacking and Facebook for Android Friend Acceptance Vulnerability

    In more recent and updated news, the Nigerian Communications Commission’s Cyber Security Incident Response Team (NCC-CSIRT) has issued strict security warning to all citizens of the country to stop charging phones at public places.

    These public places include eateries, malls, trains stations, and other public places with an unprotected socket. The NCC-CSIRT has cautioned against charging mobile phones using public charging ports or sockets in order to protect them from cyber-attacks.

    The CSIRT was created in less than three months, and this is its first-ever security advisories, where the new security group raised alarm over the newly identified two cyber-attacks – Juice Jacking and Facebook for Android Friend Acceptance Vulnerability.

    NCC said the Juice Jacking can gain access to consumers’ devices when charging mobile phones at public charging stations and applies to all mobile phones. While Facebook for Android Friend Acceptance Vulnerability targets only Android OS.

    How it works: NCC said beforehand, the attackers usually “load a payload in the charging station or on the cables they would leave plugged in at the stations” and once the victim plugs his/her phone, it would automatically download the Payload.

    On downloading the payload, the attacker can gain access remotely to your Smartphone, “allowing them to monitor data transmitted as text, or audio using the microphone.” Full access to cameras, apps, and other credential information.

    charging phones
    charging phones

    The NCC-CSIRT, however, proffered solutions to this attack to include using ‘charging only USB cable’, to avoid Universal Serial Bus (USB) data connection; using one’s AC charging adaptor in public space, and not granting trust to portable devices prompt for USB data connection.

    With this, the attacker will be able to add the victim as a friend and collect personal information of the victim, such as email, date of birth, check-ins, mobile phone number, address, pictures, and other information that the victim may have shared, which would only be visible to his/her friends. 

    However, to be protected from the Facebook-associated vulnerability, NCC-CSIRT in the security advisory recommended to users to disable the feature from their device’s lock screen notification settings. 

    In order to avoid these two cyber-attacks, NCC said customers should stop charging phones at any public places, and also asks the citizens to always keep their apps security patches and Antivirus up to dates.