InfoSec Risk: Every USB Giveaway Could Be Your Peril

Did you ever get a free USB flash drive? USB fan, LED light, Wifi adapter, mouse, keyboard, dongle, or a USB god-knows-what for free as a gift? Each and every such device could be prepared to strategically plant exploits in your network and steal data or simply damage your system and files.

This happening isn’t funny on a private level, but it’s disastrous on corporate and enterprise levels. You got a free USB memory storage device worth $1 with the risk of infecting systems with exploits and whatnot. Are these freebies really worth this kind of InfoSec risk? Data corruption, leakage, network infiltration or worse?

My recommendation around these little USB giveaways would be not to trust all of them without calculating the risk. Corporations should ensure that they implement the right IT security policies on all IT assets around allowing or blocking USB devices. And you personally, you always need to do a little bit of risk management. Whether you’re using your own, someone else’s or an organization’s computer, do you fully trust this device?

Blackhats are always smart

The scripts that run on the device could be smart enough to run without you seeing it. They could also host light and sound sensors to make sure the office is dark and empty before the exploitation kicks in. That way nobody could see what’s going on, even if a remote access session was established.

Stormtrooper Star Wars USB Stick Thumbdrive Flash Drive

Even if all staff is InfoSec trained and aware of the risks of using third-party freebies at work, there might be intruders who just happen to walk about. Those social engineers could subtly plant a $5 Raspberry Pi PoisonTap device, which does damage and creates backdoors in five minutes, even when the workstation is locked.

Could it get any worse?

You think that’s it? Far from it. There is basically no limit to who might be using such tactics and what for. Remember Stuxnet, which was believed by many experts, to be an American-Israeli cyberweapon? This program caused significant damage to Iran’s nuclear program. Regardless of that being a good thing or bad thing, it happened. It likely found its way inside the facilities in the form of a USB device.

Your takeaways

Don’t easily trust any kind of USB device. Don’t use freebies and if you’re with marketing, don’t give others USB devices as giveaways. Give them a t-shirt instead. The era of USB flash drives is long over anyway. Don’t be part of this legacy. Don’t be part of the chain to pass on potentially dangerous devices. Have fun and be safe!

Photo credit: Surian SoosayChris Harrison
Source: Nate Anderson (Ars Technica) / Dan Goodin (Ars Technica)

Christopher Isak

Christopher Isak

Managing Editor at TechAcute
Hi there and thanks for reading my article! I'm Chris. I write about tech news, management subjects. Reach out via Twitter or comments, if you like. I'd love to hear from you!
Christopher Isak

@ChristopherIsak

Technology Journalist ✖ Managing Editor at @TechAcuteCom ✖ Geek and Gamer ✖ Hell-bent for truth and progress ✖ INTJ ✖ 茶爱
@HerrNapoli Good job! I approve of it. 😁👍 #NintendoSwitch - 22 mins ago
Christopher Isak

Christopher Isak

Hi there and thanks for reading my article! I'm Chris. I write about tech news, management subjects. Reach out via Twitter or comments, if you like. I'd love to hear from you!

2 thoughts on “InfoSec Risk: Every USB Giveaway Could Be Your Peril

  • June 3, 2017 at 6:21 am
    Permalink

    Great article. You followed my new account on twitter and I did the same for you afterwards as a thank you. As for your article, i could not agree more. I used to be a computer tech, and I think it terrified half of my customers when they forgot their password and all I had to do was stick a USB stick into the USB port and had their system unlocked within minutes. It really is a crazy tech world.

    Reply
    • June 3, 2017 at 2:47 pm
      Permalink

      Hi there! Thanks a lot for following and for making time to read my work. I am really glad that you, as an expert, would also agree to that. Many thanks and have a great day!

      Reply

Leave a Reply