USB Drive Threats

With USB drives being more widely used by many people today, it is important that people remember to exercise security practices when using them. While convenient, they introduce security risks that should be taken into account.

An attacker can use a USB drive to infect someone’s computer with malware by putting it onto a USB drive so that when a victim connects the infected drive into their computer, they’re computer will detect the drive and become infected.

It is not unheard o for an attacker to infect an USB drive during production. A user will then unknowingly buy this infected USB drive containing malware and will infect their computer when they connect it.

An attacker can also use USB drives to steal sensitive information directly from a computer. If they can get access into a user’s computer they can download information directly to their USB drive. Computers that have just been turned off are also possible targets because a computer’s memory is still active for a few minutes even after the power has been shut off. An attacker can connect a USB drive into a computer within this time period, quickly reboot the system from the USB drive, and copy the computer’s memory onto the drive. This includes sensitive information, passwords, and encryption keys. This attack method can be very ideal to attackers since this attack can be carried out without the victim knowing that they have just been attacked.

Probably the most obvious security risk with USB drives are that they can be lost. A lost USB drive is a loss of information or work as well as a compromise of information because the person that finds it can take their information.

http://www.us-cert.gov/cas/tips/ST08-001.html

Advertisements

6 thoughts on “USB Drive Threats

  1. Human curiosity at play here. So many oblivious people would throw any disc or cd into their computer without giving it a second thought.

    • True, I admit I was guilty of it until fairly recently. Despite this, more people should have security in mind and think of the possible risks when plugging in an unknown flash drive into their computer. Unfortunately however, I think that without the prior knowledge of security practices, a person would only learn after having been attacked and suffered greatly from it.

  2. If you have sensitive info on a USB drive keep it encrypted so if it is lost that info can’t be used. Of course most people are not going to be thinking about that, but we all can be hopeful.

    • Encryption is definitely a good practice to help protect your information. Outside of making sure that you do not lose your flash drive, sensitive information should be encrypted in the case that your flash drive is lost.

  3. The biggest problem with the USB drive is the way that most computer systems immediately recognize these devices and “mount” them to the computer, assigning it the next available drive letter. That wasn’t the case when using the 3.5″ floppy disks. A person could scan the files on the floppy before actually using the files. That is one of the ancient work-arounds, but the U.S. Department of Commerce has some more ideas at their website:

    http://csrc.nist.gov/groups/SMA/fasp/documents/production_io_controls/USBDriveSecurity.pdf

    Opening quickly (rather than safely) was probably a feature that was driven by consumers.

    • You’re right. Sadly consumers are willing to compromise security for the sake of convenience. One could argue that not only consumers should take more steps in order to be more secure, but also that the businesses would provide more security to the users.

      And the link you posted had some other good points.

Comments are closed.