Did you come across a random USB stick at school or in a parking lot? You might be tempted to plug it into your computer, but you risk exposing yourself to assault or, worse, permanently damaging your computer. This is why.
USB Drives Can Be a Danger to Your Computer
1-Malware Can Be Spread Via USB Sticks
Malware is perhaps the most common threat posed by a USB drive. Depending on the malware, infection via this manner can be both purposeful and unintended.
The Stuxnet worm, which was first identified in 2010, is perhaps the most well-known example of malware spread via USB. This malware wrecked havoc on roughly 20% of Iran’s nuclear centrifuges by exploiting four zero-day weaknesses in Windows 2000 through Windows 7 (and Server 2008).
Stuxnet is thought to have been introduced directly using a USB device because these facilities were not accessible via the internet. A worm is one type of self-replicating malware that can be propagated this way.
Remote access trojans (RATs), which offer a potential attacker direct control of the target, keyloggers, which record keystrokes to steal credentials, and ransomware, which demands money in exchange for access to your operating system or data, can all be spread via USB devices.
Ransomware is becoming more prevalent, and USB-based attacks are becoming more widespread. In early 2022, the FBI disclosed information regarding a gang known as FIN7 that was sending USB devices to US businesses.
Read More: The Top 10 Smallest Mini ITX Cases for Space Saving
The gang tried to pass itself off as the US Department of Health and Human Services by providing letters referencing COVID-19 standards with the USB drives, as well as sending some infected drives out in Amazon-branded gift boxes with thank you notes and fake gift cards.
The USB drives were disguised as keyboards and relayed keystrokes that performed PowerShell commands to the target PC in this attack. The FBI reported that the organization was able to gain administrator access on target PCs in addition to installing ransomware such as BlackMatter and REvil.
The nature of this attack highlights how easily USB devices can be exploited. Whether it’s detachable drives, gamepads, or keyboards, most of us expect USB-connected devices to “just work.” Even if you’ve set your computer to scan all incoming disks, you’re still vulnerable if a device masquerades as a keyboard.
In addition to being used to deliver a payload, USB drives can be infected simply by being inserted into a hacked machine. These freshly infected USB devices are subsequently utilized as vectors to infect other computers, including yours. This is how malware can be picked up through public computers, such as those found at a public library.
2-“USB Killers” Have the Potential to Fry Your Computer
While malicious software supplied by USB is a real hazard to your computer and data, there is a possibly much more serious concern in the form of “USB killers,” which can physically harm your PC. In the mid-2010s, these devices made quite a stir, with the most well-known being the USB Kill, which is now in its fourth incarnation.
This device (and others like it) discharges power into whatever it is plugged into, permanently damaging the device. Unlike a software assault, a “USB killer” is solely meant to cause hardware harm to the target device. How Much RAM Does Your Computer Require?
Although data recovery from hard drives is possible, components such as the USB controller and motherboard are unlikely to survive the attack. According to USBKill, 95% of devices are vulnerable to such an attack.
These devices may deliver a severe shock to additional ports, including cellphones with proprietary connections (like Apple’s Lightning connector), smart TVs and displays (even over DisplayPort), and network devices, in addition to your computer via USB drives.
While early versions of the USB Kill “pentesting gadget” reused power from the target computer, current versions have internal batteries that can be utilized even when the target computer is turned off. Private corporations, military firms, and law enforcement agencies all over the world use the USB Kill V4 as a branded security tool.
On Ali Express, we got similar unbranded devices that appear like regular flash drives for less than $9. These are the thumb drives you’re more likely to come across in the wild, with no obvious evidence of the harm they might wreak.
3-How to Handle USB Devices That Could Be Dangerous
Examining every device you connect is the simplest approach to keep your gadgets secure from danger. Don’t touch a drive if you don’t know where it came from. Stick to brand-new drives that you bought yourself, and only use them with devices you can trust. You can buy USB sticks with write access restrictions that you can lock before connecting them (to prevent malware from being written to your drive).
Some drives come with passcodes or physical keys that hide the USB port so that no one else can use it (though these aren’t always uncrackable). While USB killers can cause hardware damage worth hundreds or thousands of dollars, you’re unlikely to come across one unless you’re particularly targeted.
Malware can spoil your day or week, and some ransomware will steal your money before destroying your files and operating system. Some malware is designed to encrypt your data in such a way that it cannot be recovered, and the greatest defense against data loss is to always have a reliable backup solution. At the very least, you should have a local and a remote backup.
Cloud storage services like Dropbox, Google Drive, and iCloud Drive are more convenient and secure than USB devices for moving files between computers or individuals. Large files may still be an issue, but there are cloud storage services geared to sending and receiving large files that you might use instead.
If sharing drives is inevitable, be sure that the other parties are aware of the risks and are taking precautions to protect themselves (and you by extension). Running anti-malware software is an excellent place to start, especially if you’re using Windows.
Users using Linux can install USB Guard and use a simple whitelist and blacklist to allow and prohibit access as needed. With Linux malware becoming more common, USBGuard is a simple and free utility you may use to provide further malware security.
Read More: Best Media Player Windows 10 and 11s
Take precautions
Because cloud storage has mostly supplanted physical devices, malware distributed over USB poses little concern to most individuals. “USB killers” seem terrifying, but you’re unlikely to come across one. However, it would be naïve to think that such attacks do not occur.
They sometimes send letters addressed to specific people by name. Other times, they’re state-sanctioned hacks that cause widespread damage to infrastructure. Follow a few basic security guidelines to stay secure both online and offline.
