Dangerous USB Drives: What Connecting a USB Device Can Lead To

02 min

You might think this is an outdated topic aimed at simpletons, and that you are well aware of this threat. I assure you, this is not the case. This threat is far more dangerous than it is commonly perceived; it includes not only the banal act of dropping USB drives with viruses but also the sale of infected drives in stores or giving them away as prizes in cybersecurity competitions.

Perhaps the best way to assess the scale of the threat would be to scatter USB drives and see how many victims take the bait. This is exactly what a group of researchers from the University of Illinois did, leaving 297 USB drives in various locations around the educational institution. The drives used in the study collected information about users, although they did not cause any harm.

The results were alarming:

  • 290 out of 297 USB drives were picked up;
  • 135 (45%) of the found drives were not only plugged into a computer but also had one or more files opened on them;
  • 20 drives were plugged into devices without any files being opened.

But that's not all. After opening a file, users were offered to take a short survey with a $10 compensation. After processing the survey results and obtaining various statistical data, the researchers noted several interesting points.

  • Survey participants underestimated the risk of opening malicious files. Some even perceived the files on the USB drive as safe, seeing the .html extension.
  • Fearing infection of their personal computers, survey participants often opened the USB drives on university computers.
  • Study participants believed that the operating system and antivirus would protect them.
  • Some participants took reasonable precautions, such as opening HTML files in a text editor or disconnecting the computer from the network while opening files.

You can find the study results in English here.

Since we are discussing the scientific aspect, let’s classify the threats that can arise from a USB drive or other USB devices, such as external hard drives.

The first is malware written to the USB drive with the intent to infect the victim's computer. This is straightforward, and most readers are aware of this threat. However, autorun of files is now blocked by almost all operating systems and, moreover, antivirus software, so simply opening a USB drive with a trojan is not dangerous in most situations.

Hjälpsamt?

Föregående artikelHacking a Computer via HotkeysNästa artikelData Theft via Web Cache Deception Attack

Håll dig uppdaterad

Prenumerera på våra uppdateringar så att du aldrig missar något.