Juice Jacking

Juice Jacking with Jacket Brief

Overview

Jacket Version 1 is a small piece of software which demonstrates a scenario by which an unsuspecting user who plugs their smartphone into a USB port where said software code is running. The code executes and copies files over to the users device without/with-limited permission to demonstrate the vulnerability known as Juice Jacking.

Current Implementation of Jacket

The current version of Jacket is a small shell script built to be run on a Linux machine with limited functionality to simply notice when a device is plugged in, give basic info on the device and copy over a small file to the user’s media folder on the plugged in device. Versions has been made for Android and iOS. There are several steps for building the environment for the script to run on and a how-to guide has been written.

Requirements for Jacket 2.0

  • Jacket 2.0 needs to be an easily downloadable and installable version of Jacket allowing users on all operating systems (Windows, Linux, MacOS) to execute the script.
  • A GUI to make the script a user-friendly tool to demonstrate the value proposition of a Datablock
    • The installation of the script and libraries needs to be self-contained so as to provide a “click to install” experience for the user.
    • The GUI must walk the user through a step by step process describing the execution of the script
      1. Once installed have a welcome with a simple large button or similar call to action “CLICK HERE TO START LISTENING FOR DEVICES
      2. Show waiting status for a device to be plugged in to USB “Searching/finder similar to aviation radar.
      3. Once device is discovered notify user that device was plugged in “Color change & message notification” and show some basic stats about their device.
      4. Click again to start Copying of file. Have warning / disclaimer saying “This will copy a small image onto the device, please be advise this is for demo purpose only and should never be used for malicious intent
      5. After file is copied have a success message and save a log of previous runs of the script. “Timestamp and device info

Proposed Developer Skillset

  • Understanding and practical knowledge of file systems and low level interactions with operating system packages (Command Line, File systems, Permissions)
  • Knowledge of a modern programming language that can build executables for all 3 Operating Systems
    • The Jacket packages for each OS don’t necessarily need to be in the same language but must all be documented etc as mentioned below in deliverables
  • Desktop application experience
  • iOS and Android file system knowledge

Knowledge Not Required

  • Relational Databases
  • Web Development

Deliverables

  • 3 Self Contained Downloadable files (1 for each OS) that satisfy the above requirements
  • Documentation of implementation details (both technical and user specs)
  • Demonstratable and reproducible functionality
0
Blog

Leave a Reply Cancel reply