#FactCheck-AI-Generated Viral Image of US President Joe Biden Wearing a Military Uniform

Introduction

In the hyper-connected era, something as mundane as charging your phone can become a gateway to cyberattacks. A recent experience of Assam Chief Minister Himanta Biswa Sarma has reignited fears of an emerging digital menace called juice jacking. Sarma, who was taking an Emirates flight from Delhi to Dubai, used an international charger and cable provided by another passenger on board. As he afterwards reported on X (formerly Twitter), the passenger got off while he slept and so could not return the borrowed items. Though most people admired the CM's humility and openness, cybersecurity experts and citizens were quick to point out a possible red flag, that it could be a juice-jacking attempt. Whether by design or not, the scene calls out to the concealed risks of using unfamiliar charging equipment, particularly for those who hold sensitive roles.

What Is Juice Jacking?

Juice jacking takes advantage of the multi-purpose nature of USB connectors, which can carry both electrical energy and information. Attackers hack USB ports or cables to either:

• Insert harmful payloads (malware, spyware, ransomware) during power transfer, or
• Create unauthorised data pathways for silent information exfiltration.

Types of Juice Jacking Attacks

1. Data Theft (Exfiltration Attack): The USB cable or port is rigged to silently extract files, media, contacts, keystrokes, or login information from the attached phone.
2. Malware Injection (Payload Attack): The USB device is set to impersonate a Human Interface Device (HID), such as a keyboard. It sends pre-defined commands (shell scripts, command-line inputs) to the host, loading backdoors or spying tools.
3. Firmware Tampering: In more sophisticated cases, attackers implement persistent malware at the bootloader or firmware level, bypassing antivirus protection and living through factory resets.
4. Remote Command-and-Control Installation: Certain strains of malware initiate backdoors to enable remote access to the device over the internet upon reconnection to a live network.

Why the Assam CM’s Incident Raised Flags 

Whereas CM Sarma's experience was one of thanks, the digital repercussions of this scenario are immense:

• High-value targets like government officials, diplomats, and corporate executives tend to have sensitive information.
• A hacked cable can be used as a spy tool, sending information or providing remote access.
• With the USB On-The-Go (OTG) feature in contemporary Android and iOS devices, an attacker can run autorun scripts and deploy payloads at device connect/disconnect.
• If device encryption is poor or security settings are incorrectly configured, attackers may gain access to location, communication history, and app credentials.

Technical Juice Jacking Indicators

The following are indications that a device could have been attacked:

• Unsolicited request for USB file access or data syncing on attaching.
• Faster battery consumption (from background activities).
• The device is acting strangely, launching apps or entering commands without user control.
• Installation of new apps without authorisation.
• Data consumption increases even if no browsing is ongoing.

‍

CyberPeace Tech-Policy Advisory: Preventing Juice Jacking

‍

1. Hardware-Level Mitigation
   
   1. Utilise USB Data Blockers: Commonly referred to as "USB condoms," such devices plug the data pins (D+ and D-), letting only power (Vcc and GND) pass through. This blocks all data communication over USB.
   2. Charge-Only Cables: Make use of cables that physically do not have data lines. These are specifically meant to provide power only.
   3. Carry a Power Bank: Use your own power source, if possible, for charging, particularly in airports, conferences, or flights.

2. Operating System(OS) Level Protections

1. iOS Devices:

‍

Enable USB Restricted Mode:

Keep USB accessories from being able to connect when your iPhone is locked.

Settings → Face ID & Passcode → USB Accessories → Off

‍

2. Android Devices:

Disable USB Debugging:

Debugging makes device access available for development, but it can be taken advantage of. If USB Debugging is turned on, and someone connects your phone to a computer, they might be able to access your data, install apps, or even control your phone, especially if your phone is unlocked. Hence, it should be kept off. 

Settings → Developer Options → USB Debugging → Off

‍

3. Set USB Default to 'Charge Only'

Settings → Connected Devices → USB Preferences → Default USB Configuration → Charge Only

‍

3) Behavioural Recommendations

• Never take chargers or USB cables from strangers.
• Don't use public USB charging points, particularly at airports or coffee shops.
• Turn full-disk encryption on on your device. It is supported by most Android and all iOS devices.
• Deploy endpoint security software that can identify rogue USB commands and report suspicious behaviour.
• Check cables or ports physically, many attack cables are indistinguishable from legitimate ones (e.g., O.MG cables).

Conclusion

"Juice jacking is no longer just a theoretical or obscure threat. In the age of highly mobile, USB-charged devices, physical-layer attacks are becoming increasingly common, and their targets are growing more strategic. The recent case involving the Assam Chief Minister was perhaps harmless, but it did serve to underscore a fundamental vulnerability in daily digital life. As mobile security becomes more relevant to individuals and organisations worldwide, knowing about hardware-based attacks like juice jacking is essential. Security never needs to be sacrificed for convenience, particularly when an entire digital identity might be at risk with just a single USB cable.

References

• https://www.indiatoday.in/trending-news/story/assam-chief-minister-himanta-biswa-sarma-x-post-on-emirates-passenger-sparks-juice-jacking-concerns-2706349-2025-04-09
• https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2016-0085
• https://www.fcc.gov/juice-jacking-tips-to-avoid-it
• https://www.cyberpeace.org/resources/blogs/juice-jacking
• https://support.apple.com/en-in/HT208857
• https://developer.android.com/studio/debug/dev-options

‍

Introduction 

The pervasive issue of misinformation in India is a multifaceted challenge with profound implications for democratic processes, public awareness, and social harmony. The Election Commission of India (ECI) has taken measures to counter misinformation during the 2024 elections. ECI has launched campaigns to educate people and urge them to verify election-related content and share responsibly on social media. In response to the proliferation of fake news and misinformation online, the ECI has introduced initiatives such as ‘Myth vs. Reality’ and  'VerifyBeforeYouAmplify' to clear the air around fake news being spread on social media. EC measures aim to ensure that the spread of misinformation is curbed, especially during election time, when voters consume a lot of information from social media. It is of the utmost importance that voters take in facts and reliable information and avoid any manipulative or fake information that can negatively impact the election process. 

EC Collaboration with Tech Platforms

In this new age of technology, the Internet and social media continue to witness a surge in the spread of misinformation, disinformation, synthetic media content, and deepfake videos. This has rightly raised serious concerns. The responsible use of social media is instrumental in maintaining the accuracy of information and curbing misinformation incidents. 

The ECI has collaborated with Google to empower the citizenry by making it easy to find critical voting information on Google Search and YouTube. In this way, Google supports the 2024 Indian General Election by providing high-quality information to voters, safeguarding platforms from abuse, and helping people navigate AI-generated content. The company connects voters to helpful information through product features that show data from trusted organisations across its portfolio. YouTube showcases election information panels, including how to register to vote, how to vote, and candidate information. YouTube's recommendation system prominently features content from authority sources on the homepage, in search results, and in the "Up Next" panel. YouTube highlights high-quality content from authoritative news sources during key moments through its Top News and Breaking News shelves, as well as the news watch page. 

Google has also implemented strict policies and restrictions regarding who can run election-related advertising campaigns on its platforms. They require all advertisers who wish to run election ads to undergo an identity verification process, provide a pre-certificate issued by the ECI or anyone authorised by the ECI for each election ad they want to run where necessary, and have in-ad disclosures that clearly show who paid for the ad. Additionally, they have long-standing ad policies that prohibit ads from promoting demonstrably false claims that could undermine trust or participation in elections.

CyberPeace Countering Misinformation

CyberPeace Foundation, a leading organisation in the field of cybersecurity works to promote digital peace for all. CyberPeace is working on the wider ecosystem to counter misinformation and develop a safer and more responsible Internet. CyberPeace has collaborated with Google.org to run a pan-India awareness-building program and comprehensive multilingual digital resource hub with content available in up to 15 Indian languages to empower over 40 million netizens in building resilience against misinformation and practising responsible online behaviour. This step is crucial in creating a strong foundation for a trustworthy  Internet and secure digital landscape.  

Myth vs Reality Register by ECI

The Election Commission of India (ECI) has launched the 'Myth vs Reality Register' to combat misinformation and ensure the integrity of the electoral process during the general elections 2024. The 'Myth vs Reality Register' can be accessed through the Election Commission's official website (https://mythvsreality.eci.gov.in/). All stakeholders are urged to verify and corroborate any dubious information they receive through any channel with the information provided in the register. The register provides a one-stop platform for credible and authenticated election-related information, with the factual matrix regularly updated to include the latest busted fakes and fresh FAQs. The ECI has identified misinformation as one of the challenges, along with money, muscle, and Model Code of Conduct violations, for electoral integrity. The platform can be used to verify information, prevent the spread of misinformation, debunk myths, and stay informed about key issues during the General Elections 2024.

The ECI has taken proactive steps to combat the challenge of misinformation which could cripple the democratic process. EC has issued directives urging vigilance and responsibility from all stakeholders, including political parties, to verify information before amplifying it. The EC has also urged responsible behaviour on social media platforms and discourse that inspires unity rather than division. The commission has stated that originators of false information will face severe consequences, and nodal officers across states will remove unlawful content. Parties are encouraged to engage in issue-based campaigning and refrain from disseminating unverified or misleading advertisements.

Conclusion

The steps taken by the ECI have been designed to empower citizens and help them affirm the accuracy and authenticity of content before amplifying it. All citizens must be well-educated about the entire election process in India. This includes information on how the electoral rolls are made, how candidates are monitored, a complete database of candidates and candidate backgrounds, party manifestos, etc. For informed decision-making, active reading and seeking information from authentic sources is imperative. The partnership between government agencies, tech platforms and civil societies helps develop strategies to counter the widespread misinformation and promote online safety in general, and electoral integrity in particular. 

References 

• https://pib.gov.in/PressReleasePage.aspx?PRID=2017375

• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2016941#:~:text=To%20combat%20the%20spread%20of,the%20ongoing%20General%20Elections%202024
• https://www.business-standard.com/elections/lok-sabha-election/ls-elections-2024-ec-uses-social-media-to-nudge-electors-to-vote-124040700429_1.html
• https://blog.google/intl/en-in/company-news/outreach-initiatives/supporting-the-2024-indian-general-election/
• https://blog.google/intl/en-in/partnering-indias-success-in-a-new-digital-paradigm/

‍

Introduction

Cybersecurity threats have been globally prevalent for quite some time now. All nations, organisations and individuals stand at risk from new and emerging potential cybersecurity threats, putting finances, privacy, data, identities and sometimes human lives at stake. The latest Data Breach Report by IBM revealed that nearly a staggering 83% of organisations experienced more than one data breach instance during 2022. As per the 2022 Data Breach Investigations Report by Verizon, the total number of global ransomware attacks surged by 13%, indicating a concerning rise equal to the last five years combined. The statistics clearly showcase how the future is filled with potential threats as we advance further into the digital age.  

Who is Okta?  

Okta is a secure identity cloud that links all your apps, logins and devices into a unified digital fabric. Okta has been in existence since 2009 and is based out of San Francisco, USA and has been one of the leading service providers in the States. The advent of the company led to early success based on the high-quality services and products introduced by them in the market. Although Okta is not as well-known as the big techs, it plays a vital role in big organisations' cybersecurity systems. More than 18,000 users of the identity management company's products rely on it to give them a single login for the several platforms that a particular business uses. For instance, Zoom leverages Okta to provide "seamless" access to its Google Workspace, ServiceNow, VMware, and Workday systems with only one login, thus showing how Okta is fundamental in providing services to ease the human effort on various platforms. In the digital age, such organisations are instrumental in leading the pathway to innovation and entrepreneurship. 

The Okta Breach

The last Friday, 20 October, Okta reported a hack of its support system, leading to chaos and havoc within the organisation. The result of the hack can be seen in the market in the form of the massive losses incurred by Okta in the stock exchange. 

Since the attack, the company's market value has dropped by more than $2 billion. The well-known incident is the most recent in a long line of events connected to Okta or its products, which also includes a wave of casino invasions that caused days-long disruptions to hotel rooms in Las Vegas, casino giants Caesars and MGM were both affected by hacks as reported earlier this year. Both of those attacks, targeting MGM and Caesars’ Okta installations, used a sophisticated social engineering attack that went through IT help desks.

What can be done to prevent this? 

Cybersecurity attacks on organisations have become a very common occurrence ever since the pandemic and are rampant all across the globe. Major big techs have been successful in setting up SoPs, safeguards and precautionary measures to protect their companies and their digital assets and interests. However, the Medium, Mico and small business owners are the most vulnerable to such unknown high-intensity attacks. The governments of various nations have established Computer Emergency Response Teams to monitor and investigate such massive-scale cyberattacks both on organisations and individuals. The issue of cybersecurity can be better addressed by inculcating the following aspects into our daily digital routines: 

• Team Upskilling: Organisations need to be critical in creating upskilling avenues for employees pertaining to cybersecurity and threats. These campaigns should be run periodically, focusing on both the individual and organisational impact of any threat.  
• Reporting Mechanism for Employees and Customers: Business owners and organisations need to deploy robust, sustainable and efficient reporting mechanisms for both employees well as customers. The mechanism will be fundamental in pinpointing the potential grey areas and threats in the cyber security mechanism as well. A dedicated reporting mechanism is now a mandate by a lot of governments around the world as it showcases transparency and natural justice in terms of legal remedies.  
• Preventive, Precautionary and Recovery Policies: Organisations need to create and deploy respective preventive, precautionary and recovery policies in regard to different forms of cyber attacks and threats. This will be helpful in a better understanding of threats and faster response in cases of emergencies and attacks. These policies should be updated regularly, keeping in mind the emerging technologies. Efficient deployment of the policies can be done by conducting mock drills and threat assessment activities.  
• Global Dialogue Forums: It is pertinent for organisations and the industry to create a community of cyber security enthusiasts from different and diverse backgrounds to address the growing issues of cyberspace; this can be done by conducting and creating global dialogue forums, which will act as the beacon of sharing best practices, advisories, threat assessment reports, potential threats and attacks thus establishing better inter-agency and inter-organisation communication and coordination.  
• Data Anonymisation and Encryption: Organisations should have data management/processing policies in place for transparency and should always store data in an encrypted and anonymous manner, thus creating a blanket of safety in case of any data breach.
• Critical infrastructure: The industry leaders should push the limits of innovation by setting up state-of-the-art critical cyber infrastructure to create employment, innovation, and entrepreneurship spirit among the youth, thus creating a whole new generation of cyber-ready professionals and dedicated netizens. Critical infrastructures are essential in creating a safe, secure, resilient and secured digital ecosystem. 
• Cysec Audits & Sandboxing: All organisations should establish periodic routines of Cybersecurity audits, both by internal and external entities, to find any issue/grey area in the security systems. This will create a more robust and adaptive cybersecurity mechanism for the organisation and its employees. All tech developing and testing companies need to conduct proper sandboxing exercises for all or any new tech/software creation to identify its shortcomings and flaws. 

‍Conclusion 

In view of the rising cybersecurity attacks on organisations, especially small and medium companies, a lot has been done, and a lot more needs to be done to establish an aspect of safety and security for companies, employees and customers. The impact of the Okta breach very clearly show how cyber attacks can cause massive repercussion for any organisation in the form of monetary loss, loss of business, damage to reputation and a lot of other factors. One should take such instances as examples and learnings for ourselves and prepare our organisation to combat similar types of threats, ultimately working towards preventing these types of threats and eradicating the influence of bad actors from our digital ecosystem altogether. 

‍

References: 

• https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach#:~:text=In%202022%2C%20the%20global%20average,legal%20fees%2C%20and%20audit%20fees.
• https://www.okta.com/intro-to-okta/#:~:text=Okta%20is%20a%20secure%20identity,use%20to%20work%2C%20instantly%20available.
• https://www.cyberpeace.org/resources/blogs/mgm-resorts-shuts-down-it-systems-after-cyberattack

‍

‍