With USB drives being more widely used by many people today, it is important that people remember to exercise security practices when using them. While convenient, they introduce security risks that should be taken into account.
An attacker can use a USB drive to infect someone’s computer with malware by putting it onto a USB drive so that when a victim connects the infected drive into their computer, they’re computer will detect the drive and become infected.
It is not unheard o for an attacker to infect an USB drive during production. A user will then unknowingly buy this infected USB drive containing malware and will infect their computer when they connect it.
An attacker can also use USB drives to steal sensitive information directly from a computer. If they can get access into a user’s computer they can download information directly to their USB drive. Computers that have just been turned off are also possible targets because a computer’s memory is still active for a few minutes even after the power has been shut off. An attacker can connect a USB drive into a computer within this time period, quickly reboot the system from the USB drive, and copy the computer’s memory onto the drive. This includes sensitive information, passwords, and encryption keys. This attack method can be very ideal to attackers since this attack can be carried out without the victim knowing that they have just been attacked.
Probably the most obvious security risk with USB drives are that they can be lost. A lost USB drive is a loss of information or work as well as a compromise of information because the person that finds it can take their information.