Why You Should Never Plug in an Unknown USB Device

Image of article titled Why you should never plug in an unknown USB device

Photo: Antonio Guillem (Shutterstock)

Let’s set the scene: you’re out in the world, doing what you’re doing, when you come across an abandoned USB drive. What could be inside? Maybe it’s just someone’s spreadsheets from work, perhaps with information identifying the owner, allowing you to return it. But also, maybe government secrets? The only way to find out is to plug it into your computer and investigate. Here’s the thing, though: don’t do that.

Of course, the USB device you found could be perfectly innocent, unknowingly dropped by someone going the same way as you. However, he could too be a trap, designed to pique your curiosity, and that when you decide to plug it into your personal computer, you will only find malware there.

Malware infected USB devices are a real problem

Although it may sound like something out of the movies, people are actually infecting USB devices with malware and dropping them off for unsuspecting victims to find. The targets vary, big and small, with the most high profile hack probably being against Iran in 2010: one such attempt infected the country’s nuclear facilities with Stunext malwaredespite disconnecting the entire system from all internet communication.

In lower-stakes cases, this may seem like a rather roundabout and random means of attack. After all, phishing emails and text messages can be sent directly to brands, while a USB device must first be unhooked and then plugged in for it to work.

It turns out that the odds of someone plugging in a weird USB drive are pretty high. A study dropped nearly 300 USB devices on a “large college campus” and found that 98% of the devices were picked up by students and staff, and almost half decided to plug the USB device into their computer, the first connection occurring in six minutes. after the start of the study. All this to say that there is likely a hacker’s payback in this scenario.

This problem is not new. US-CERTs (Computer Emergency Response Teams) issued a warning in 2008 about USB devices infected with malware. Before that, floppy disks were used in the same way. And while we’ve been able to move away from physical storage in favor of the cloud, USB devices are still ubiquitous enough to pose this threat.

It’s hard to say How? ‘Or’ What This threat is really common, but with the increase in cyber attacks, prevention is always better than cure. Avoiding connecting a strange USB device to your personal computer is simply good cybersecurity practice, just like not reusing the same password twice helps protect your accounts.

That said, if you can’t fight your curiosity, you’re not entirely out of options (although you may be entering unethical territory). In a Reddit thread on the subject, a user describes how he takes every USB device he finds to a Best Buy to test it on the store’s computers. I won’t vouch for this method, as I can’t tolerate risking store ownership, but the general idea – verifying USB without risking your device and your personal info, or someone else’s info. other – is valid. Which is good, because let’s face it: you’re definitely going to plug in that USB device.


About Author

Comments are closed.