USB is a popular technology in all modes of today’s society. You’d be hard-pressed to find a modern piece of technology that’s not compatible in some way, shape or form with USB. Thumb drives, chargers, and even portable drives all use this common technology. However, this also means that hackers can take advantage of its popularity to spread malware and other problems.
If a USB device is infected with malware, it can put not just your computer, but even your entire data infrastructure at risk. We’ll discuss some of the many USB threats out there, including some that are more dangerous than you might think.
USB Kill 2.0
What happens when you push too much electricity into a device? It will experience a power surge, much like how a lightning storm could result in a power outage. Unfortunately, when used by hackers, this trait of electronics is a potent terror tactic. USB Kill is one particular threat that creates dongles designed to siphon power from a device, then release the energy back into the system to kill it. Scary indeed.
The device was originally intended to help hardware developers test the device’s ability to resist what’s referred to as “juice jacking.” Juice jacking is more easily described as the theft of data during the charging process. USB Kill 2.0 was capable of permanently damaging 95 percent of all devices that were tested.
USB Kill was frequently successful when attempting to wipe data from the device. Though this isn’t the designated purpose of USB Kill, it’s a side-effect that hackers have been able to leverage for their purposes–simply because the charge is enough to fry the drive controllers. Someone who wants to use this device can get it for as little as $56, which is further influenced by the fact that there aren’t effective protections against this type of threat. All you can really do is inform your employees that they shouldn’t be plugging in just any old USB device.
It’s a security best practice that you lock your device whenever you leave it unattended. It doesn’t matter if you’re leaving for the end of the day or taking a short stroll around the office–if you don’t lock your computer, it’s a security risk. Even if your device is locked, though, a security researcher created a way to extract data from a locked computer using a USB device. The USB device masks its malicious intentions by making the target PC adopt the device as the preferred network interface. This lets the hacker sap data out of the computer and send it to another connected system. In this particular case, it’s best to just not leave your computer unattended.
What’s a Business to Do?
Even though not all USB devices contain dangerous malware, it’s still not safe to just plug in any old device into your organization’s infrastructure. You can take a two-pronged approach to reinforce how your business handles USB devices:
- First, educate your team on how to use them properly.
- Second, enforce a policy that demands any and all devices be checked into IT and examined for threats before being plugged into your office’s technology.
Of course, if USB drives are a regular occurrence in your office, you can avoid this pain in the neck by implementing a cloud solution for your mobile storage needs. It’s also recommended that you secure any exposed ports with locks or similar devices.
In terms of security, while USB has been one of the most affordable and convenient ways to transfer data, it falls short of business-class standards. You should be looking to other solutions, like cloud computing, that can keep you connected to your data from anywhere at any time. A good cloud can offer you mobility and security, and in a world where data theft isn’t out of the question, you need all of the advantages that you can get.
To learn more about network security or cloud computing, reach out to us at 212-796-6061.