Malicious USBs can allow attackers to obtain a user's passwords, access their devices, and even irreversibly damage their computer.
It's understandable that when people find a misplaced USB drive or memory stick, they want to find out what it contains. Human curiosity is what attackers exploit, after all. However, plugging an unauthenticated device into your own or work computer can be very dangerous, and USB flash drives are still a common way for attackers to infect computers with viruses and malware. They can damage your devices and data in seconds. If you think this can't happen to you, think again!
You can find a malicious flash drive on the street, at school, or at work. The problem with USB security is more complex than ever, and the popularity of related threats has only been amplified through the growing presence of online video tutorials on making these devices and the increased availability of hardware. It's not just flash drives that we’re talking about here – other USB devices can also be infected, including seemingly innocent cables.
In addition to the aforementioned case of “lost” USBs, there are also cases of malicious flash drives that people receive for free as promotional materials at conferences, job fairs, or other events.
How do malicious USB attacks work?
In a nutshell, malicious USB attacks can be broken down into the following steps: First, the attacker uploads malicious code to the USB device, which is executed when connected to a computer or when the user opens an infected file stored on the drive. If the user has antivirus installed on their device, the risk is greatly reduced – this is because an antivirus program can detect the malicious behavior and stop the attack.
The second option is to set the hardware of the USB device so that the computer perceives it as a keyboard or webcam when connected. This makes it easier for an attacker to overcome security measures and infect the user's computer with malware.
The most commonly used type of such malicious device is the so-called Rubber Ducky, which appears to be a regular USB drive but actually mimics a keyboard. When plugged into a computer, it can "press" predetermined keys and execute malicious code. Rubber Ducky also appeared in the second season of Mr. Robot, which portrayed Rami Malek as a young hacker. (If you're thinking about what to tune into tonight, this series is definitely worth a watch!)
What are the dangers of USB flash drives?
A malicious USB device can allow a victim to steal stored passwords, gain access to sensitive files, or directly open a backdoor to gain control of a device. In rare cases, it can even damage the device so badly that it can no longer be used.
Malicious USBs can also be an effective way for cybercriminals to bypass some corporate security measures. They can use them to gain access to a computer, server, or an organization’s network. An attacker usually only needs to wait for an employee to voluntarily plug the device into their work computer.
How to protect yourself from malicious USB devices
- Beware of unauthenticated devices: Only connect your own USB devices to your computer, where you know the contents and purpose. Don't plug a drive into your computer that you found somewhere or are unsure who it belongs to.
- Unplug USB devices automatically: You can specify in your computer's settings which devices can connect to it automatically. We recommend that you disable this option for all devices. This will give you more control over your computer and prevent connected USB devices from automatically running programs.
- Don't run or install anything from someone else's USB: The same applies to any file you find on someone else's USB as it does to those you find on the internet – be careful not to run or install programs.
- Use antivirus: You can prevent some attacks from a malicious USB if you protect your computer with a robust antivirus.