After all, where else in the world can TSA agents grope you with abandon, baggage handlers

畢竟除了機場其他地方不會有安檢人員對你搜身，

receive unrestricted access to your luggage or stores charge you prices so high there's

行李處理員也能對你的行李做任何事、或是機場商店收費甚高，

a good chance you'll come down with altitude sickness?

你也可能因為機場所在地海拔高得到高山症，

But on top of the over-the-top fees, underhanded luggage handlers, and handsy TSA agents, there's

但除了高額收費、狡猾的行李管理員、摸來摸去的安檢人員，

yet another far less obvious threat you have to worry about at airports: the USB ports.

機場還有另一個風險，雖不明顯，但很讓人擔憂，也就是 USB 插口，

It turns out that the seemingly harmless activity of charging your smartphone at a public kiosk

事實證明把手機充電線插入公用充電孔儘管看似無害，

can leave you vulnerable to cyber crime.

卻會讓你容易成為網路犯罪的受害者。

So what's the problem?

問題出在哪呢？

In a couple of words: "juice jacking."

用幾個字概括就是：「果汁劫持」，

"Speak English, doc, we ain't scientists!"

「博士，講中文好嗎？我們又不是科學家！」

Now, juice jacking may sound like a particularly seductive way to squeeze an orange, but really,

果汁偷竊聽起來像個榨橘子汁的好方法，

it's a whole different kind of naughty.

但這可不是玩笑話，

How-to Geek explains that because your smartphones use the same USB cable for charging and transmitting

「極客二三事」雜誌解釋：智慧型手機充電與資料傳輸是經由同一條 USB 線，

data, hackers can access information on your phone or upload malware via the USB port while

因此你在充手機時，

you're charging your device.

駭客可以藉由 USB 孔取得你的手機資訊或植入惡意軟體，

Hence, they're hijacking your phone as it replenishes its energy, or "juice".

因此充電過程中，他們能劫持你的手機，像榨汁一樣把手機榨乾，

And unfortunately, juice jacking isn't all that difficult or time-consuming for hackers

不幸的是，果汁劫持對駭客來說

to do.

一點都不難，也不需要花很多時間，

Speaking at a BlackHat security conference in 2016, researchers Billy Lau, YeongJin Jang,

2016 年的美國黑帽資安大會上，研究員劉比利、張永振、

and Chengyu Song described:

與宋成佑描述：

"We demonstrate how an iOS device can be compromised within one minute of being plugged into a

我們發現蘋果 iOS 裝置插入惡意充電器後，

malicious charger.

可以在一分鐘內被攻陷，

We show how an attacker can hide their software in the same way Apple hides its own built-in

也發現駭客隱藏惡意軟體的方法

applications."

跟蘋果隱藏內建 APP 的方法一樣，

These three researchers had previously built a juice jacking device out of a small computer

這三位研究員先前就用一台小電腦製作出果汁劫持裝置，名為 BeagleBoard，

known as a BeagleBoard, which can be purchased for as little as $45, showing just how easily

用 45 美元 ( 約 1400 元台幣) 就能買到，由此可知一名夠聰明的駭客

a sufficiently shrewd hacker could give themselves the means to get inside your phone.

以簡單方法就能輕易取得你的手機資訊，

Alarmingly, a BeagleBoard is just about small enough to fit right inside a USB hub or charging

令人擔憂的是，BeagleBoard 非常小，可以放在 USB 集線器或是

dock.

充電座裡，

To make matters worse, even after you've unplugged your device from the compromised cable, the

更慘的是，即使將裝置從被惡意軟體入侵的充電線拔除，

kiosk you just used to recharge your iPhone can retain a Wi-Fi connection with your disconnected

先前用來充 iPhone 手機的充電座仍可以和你的 iOS 裝置

iOS device.

保持 Wi-Fi 連線，

That means that once a hacker has gotten a foot in the door, they could potentially open

也就是說一旦駭客攻進你的手機，

the electronic floodgates.

就可能會打開電子閘門，取得更多資訊，

How-to Geek calls juice jacking "a largely theoretical threat" with "a very low" probability

「極客二三事」表示果汁劫持可能只存在於理論，

of occurring at an airport kiosk you might use.

發生在機場充電座的機會很小，

But the Vice President of X-Force Threat Intelligence at IBM Security, Caleb Barlow, has warned

但是 IBM 資安部 X-Force 威脅情報平台的副總裁凱勒巴洛

that:

曾經警告：

"Plugging into a public USB port is kind of like finding a toothbrush on the side of the

使用公用 USB 孔就等於在路上發現一支牙刷

road and deciding to stick it in your mouth.

就決定放到嘴裡，

You have no idea where that thing has been."

你根本不知道那支牙刷有碰到什麼，

To protect your phone from being broken into by malicious airside parties, Barlow recommends

若要保護手機不被候機區的惡意軟體入侵，

investing in a device called a Juice-Jack Defender, which is a kind of protective dongle

巴洛推薦我們購買一個叫「果汁劫持防禦者」的裝置，

you put in front of your charging cord.

是插在充電線前面的保護裝置，

Similarly, Harvard University's Bruce Schneier suggests using the so-called USB Condom when

同樣地，哈佛大學教授布魯斯斯奈爾建議我們用機場充電座時

charging your phone at airport kiosks.

使用「USB 保險套」，

Alternatively, you could pack a portable battery or personal charger, and avoid using the charging

另外你也可以準備攜帶式電池或個人充電器，

kiosk altogether.

避免使用公共充電座，

In case you take your chances with an airport kiosk and want to use protection, Krebs on

萬一你想冒險使用充電座並需要防護措施，

Security reviewed the Juice-Jack Defender and the USB Condom, both of which are designed

知名資安部落格 Krebs on Security 評論果汁劫持防護者與 USB 保險套，

to thwart would-be juice jackers.

認為兩個裝置都是為了阻擋潛在的果汁劫持者，

Describing the devices as "prophylactics," Krebs notes that both are equipped "with male

作者布萊恩克烈伯把它們比喻成避孕工具，指出兩個裝置在兩端都有類似

and female USB adapters at either end" and are functionally "indistinguishable" despite

男女性器官的 USB 接孔，功能上大同小異，

"slight" differences in size, shape, and texture.

不過大小、形狀和材質有些不同。

But that's not to say they're totally identical.

但兩個裝置也不完全相同，

According to Krebs, the Juice-Jack Defender is a little smaller than the USB Condom, but

根據克烈伯，電池劫持防護者比 USB 保險套小一點，

what it lacks in size, it makes up for in durability.

小歸小，卻比較耐用，

Meanwhile, however, the USB Condom seemed a bit more likely to stop working altogether.

另一個裝置─ USB 保險套比較無法同時使用，

So while these two devices do have a few minor differences, these seem to be mostly negligible,

所以雖然兩個小裝置有些微不同，這些差異基本上可以忽略，

and each should prove effective in ensuring that your phone won't come down with a nasty

你在機場使用充電座時，兩者都可以有效保護手機

virus next time you're hanging out at the airport.

不被惡意病毒入侵，

Check out one of our newest videos right here!

來這裡看看我們最新的影片吧！

Plus, even more Grunge videos about your favorite stuff are coming soon.

而且 Grunge 頻道近期會發布更多影片，介紹你們感興趣的東西，

Subscribe to our YouTube channel and hit the bell so you don't miss a single one.

請訂閱我們的頻道，記得點擊 YouTube 的鈴鐺圖示，才不會錯過新影片。