How a USB could become security risk for your device

Haythem Elmir

A flash drive or USB may provide a capacity as large as 2TB or could have a small space of 256 MB but it caters the individuals in many aspects especially to store data. However, with the perspective of security, these USB drives could prove to be vulnerable to your devices.

In the mid of the previous year, the famous WikiLeaks Vault 7 series has accused the CIA of infecting USB drives for injecting malware into the PC or device to which they are connected.

More: Watch out for this USB Device Charger, it could be Keystroke Logger: FBI

However, the overwhelming rise in the use of such devices has also raised the incidents regarding privacy. Whereas, the data transfer contains some extreme security risks without you being able to judge the vulnerability before a potential destruction.  The properties of USB drive such as portability and on-the-fly connection to various networks makes it more prone to losses such as physical control and network security breaches.

What Are The Potential Risks?

The flash drives are designed in a way which could have some security flaws in them and according to some researchers, these could impact day-to-day computing. This could be an extreme judgment; however, these could at least bring a suspect to the efficiency and trustworthiness of the routine devices we insert to our PCs such as keyboards, flash drives, external hard drives, mouse, and more.

According to the findings of researchers, Karsten Nohl and Jakob Lell at Security Research Labs, the USB manufacturers do not protect the firmware in USB devices and therefore, a malware could likely overwrite the firmware and could take over the device’s control.

Thumb drives or other USB peripherals can be reprogrammed to steal any data written into the drive. Through such methods the USB is used to transmit the firmware-modifying code to the device it is inserted. This could result in destruction much like the previous one through floppy disks, that is, a self-replicating virus which spreads through sparing thumb drives.

According to US-CERT, the has reported that 25 percent of the malware are transferred through USB drives. Unfortunately, the malware presence is noticed when there are certain symptoms of destruction and a malware in a single device could lead to other PCs in your home or organizational network.

A USB could act maliciously in three ways as predicted by Nohl and Lell;

1. A device could falsely act as a keyboard and issues its own commands to the control system for a malicious act such as to install malware or to steal files.

2. Another way it could be damaging is when the USB device pretends to be a network card. Eventually, it changes the computer’s “Domain name system” and directs you to insert a URL for a website to secretly redirect your traffic.

3. These external hard disks or thumb drive could infect the computers more when they intervene at the boot stage prior than the action of antivirus.

What could be Done to Minimize the USB Threats

Either you are connecting a USB drive to your personal PC or into a device of your organization; certain precautions could help you to evade the potential threats. There are some practices for the individuals to secure their devices from USB virus and vulnerabilities.

Avoid Using An Unknown Flash Drive

Most of us don’t care when it comes to a device like USB. Usually, we store our important data into these storage devices and therefore, it’s common to share it with a friend or colleague. Due to such exchanges, a virus or malware could easily target your device as well.

However, a ‘free stuff’ is never uninvited, so it’s possible that a left out USB flash drive would be accepted by us. But, always remember that these abandon devices might be purposed to fool you to load a malware into your PC or another device. For that, a survey report shows that the almost 50 percent of individuals who find a lost UBS, they insert it into their device without following certain precautions.

To read the original article:

How a USB could become security risk for your device

Laisser un commentaire

Next Post

Fake anti-virus pages popping up like weeds

Introduction With recent media coverage on Meltdown and Spectre, many other security issues get buried in the mix.  One such issue I’ve run across for many months now is fake anti-virus (AV) web pages or other unwanted destinations that pop up after viewing a legitimate, but compromised, website. Last week, […]