It seems like everything available today can function with a USB connection, be it a thumb drive, device charger, or a desktop device--there are even USB-powered mini fridges meant for a single soda can. Unfortunately, “everything” includes malicious devices and malware.
If a USB drive is infected by malware, you can put your computer and data at risk by merely plugging it in, and there are some malicious USB devices out there that pose some pretty serious threats.
USB Kill 2.0
Despite being powered by electricity, computers don’t mix well with too much charge, as USBKill.com has capitalized on. Creating a dongle that is capable of siphoning power off of the device it is plugged into, USBKill.com’s proprietary device then releases the energy back into the system as a power surge attack.
Intended for hardware developers to test their devices’ resistances against ‘juice jacking' (a form of data theft that extracts data as a device is charging), the USB Kill 2.0 permanently damaged--if not destroyed--95% of all devices it was tested with without the company’s proprietary USB protection shield. This shield is what allows the USB Kill 2.0 to be safely used for its intended purpose--to test electrical attack resistance.
What’s more, in some cases when used without the shield, the USB Kill 2.0 wipes data from the device. While this is not what the USB Kill 2.0 is intended to do, this occurs simply because the charge is enough to damage the device’s drive controllers.
Needless to say, a business saboteur could find great use in the $56 USB Kill 2.0 as a method of attack, and there aren’t many effective protections a workplace can implement, besides educating employees to resist the temptation of plugging in any USB device they find.
Best practices for workstation security dictate that a system be locked whenever its user steps away, no matter how briefly. However, a security researcher recently discovered a method of extracting data from a locked computer using, you guessed it, a USB-connected device. By disguising itself in a particular way, the target computer adopts the device as the preferred network interface, allowing the hacker to extract data to a rogue computer attached to the cable’s other end in about 13 seconds. The best defense, according to the researcher who uncovered this flaw: don’t leave your workstation logged in and unattended, even with the screen locked.
What a Business Can Do to Protect Itself
Of course, not all USBs are evil carriers of the worst malwares and threats, but by no means should they be used after being found on the street willy-nilly, especially in a workplace setting. In order to protect business workstations and data from threats, simply enforce a requirement to have any USBs fully checked by your IT department before in-office use. Alternatively, consider utilizing a cloud solution as a much safer option to meet your mobile storage needs.
To protect your business from possible saboteurs introducing their USB-based malware, it is also wise to secure exposed ports with locking devices.
While USB devices seem to be the pinnacle of affordable convenience in data storage, they are far more trouble than they are worth, at least in terms of security. There are much safer solutions to implement that feature equal, if not greater mobility than even a flash drive. A cloud solution, for instance, can be accessed from anywhere there is an Internet connection, kept safe in a well-protected, offsite location. New and improved solutions like these make risk-laden devices, such as USB dongles, unnecessary.
For more IT tips, tricks, and solutions, subscribe to our blog.