Singapore’s public transport operators had no attempts to breach wi-fi access points or public charging stations - known as “juice jacking” attacks - but are conducting daily checks.
Minister for Transport S Iswaran told Singapore’s parliament yesterday that there “have been no reported attempts to breach wi-fi access points or public charging stations at our public transport nodes”.
The statement came in response to a question by Yip Hon Weng, a fellow member of the governing People's Action Party (PAP), on Singapore’s exposure to device compromise in this way.
Though neither called it as such, the attack type is known as "juice jacking" and has gained global prominence over the past few weeks.
The issue started with a tweet from the FBI, warning people to “avoid using free charging stations in airports, hotels or shopping centres” due to the risk of malware or monitoring software being loaded onto devices via compromised charging stations or access points.
It’s been largely dismissed as nonsense and fear-mongering by cyber security experts, but its high profile - including a joint advisory last month by Singapore-based authorities - has led the Singapore government to make a statement about the threat level it poses.
Iswaran said that wi-fi access points at Singapore’s transport nodes “operate via the wireless SGx network and comply with prevailing standards by Infocomm Media Development Authority.”
“Data transmitted via wireless at SGx is encrypted,” he said.
“Charging stations, which are provided by public transport operators, can only transmit power and not data to and from the devices. Specifically, the USB ports in public transport nodes already have their data transmission pins removed. Only power transmission pins are present in the ports.”
Iswaran said that public transport operators (PTO) staff look at device charging points as part of daily checks.
“The PTO staff conduct inspections of the various facilities including the buses and the transport nodes on a daily basis, and as part of the protocol this includes the charging points as well,” he said.
“It’s not specifically just about these charging points or these USB ports - it is part of the larger regular inspection regime that they have, and they conduct and they’re trained to pay particular attention to this.”
Iswaran said that staff are trained to “pick up signs of physical tampering through regular visual inspection and feedback from commuters.”
“Closed circuit television cameras can also detect and deter such attempts,” he said.
Iswaran said there is signage at charging stations on the transport network “reminding users to practice good cyber hygiene such as using their own power plugs and cables.”
He also directed members of the public to the advice of the Cyber Security Agency of Singapore and the Singapore Police Force, issued last month, on protecting mobile devices from malicious wireless and wired connections.
