
Don’t Plug In That USB Drive!

By August 15, 2016 | March 2nd, 2023 | Blog, Technology News

USB drives. They’re ubiquitous. They’re everywhere. You probably have several floating around your office, or nearby. We tend to use them so often that we don’t even think about it, and that’s a potential problem. At a recent Black Hat hacking convention, a demonstration was performed that proved just how easy it is to gain total control over just about any computer system, no matter how secure. The secret lies in all those little USB drives that nobody seems to think twice about.

Using a combination of one part tech savvy and one part simple social engineering, hackers conducted an experiment. Of course, as this was just a demonstration, the USB drives they used weren’t loaded with anything of a malicious nature. Just a simple bit of code that would send a ping if it made its way onto a network, so that the results could be tracked. Those results were beyond disturbing.

The technical wizardry takes the form of some code that fools the PC that the USB drive is plugged into. Instead of a USB drive, the PC in question recognizes the device as a keyboard, and will happily accept spoofed keyboard commands from it.

The social engineering side of the equation is far simpler. All it takes is attaching the USB drive to a dummy set of keys, then leaving them in a high traffic area where they are sure to be found. Overwhelmingly, when this technique is used, the person who finds the “lost keys” plugs the USB drive in, in an attempt to discover the identity of the drive’s owner.

It’s completely innocent. It’s something most people would do instinctively in order to get the keys to their rightful owner, and the hackers are well aware of this. Once the drive has been plugged in, it’s already too late. The software contained on the drive can begin issuing commands to the PC, which will happily accept them.

The most terrifying thing about this type of attack is that it completely circumvents all enterprise-level best practices where data security is concerned. The lesson here is simple. If you aren’t 100% sure the USB drive in question belongs to you, don’t risk plugging it into any device you own.
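The keyboard trick described above is visible to the host: a device announces what it is through its USB interface descriptors, and a "drive" that can type declares a HID interface. The sketch below is an added example, not code from the original post or the Black Hat demonstration; it assumes the Linux sysfs layout under `/sys/bus/usb/devices`, the function names are hypothetical, and the sample tree is constructed.

```python
import os
import tempfile

HID, MASS_STORAGE, KEYBOARD_PROTOCOL = 0x03, 0x08, 0x01  # USB-IF class/protocol codes


def _read_hex(path):
    with open(path) as fh:
        return int(fh.read().strip(), 16)


def classify_usb_devices(sysfs_root="/sys/bus/usb/devices"):
    """Map each USB device (e.g. '1-2') to the roles its interfaces declare."""
    roles = {}
    # Interface directories are named like '1-2:1.0'; device directories have no ':'.
    for entry in sorted(e for e in os.listdir(sysfs_root) if ":" in e):
        iface = os.path.join(sysfs_root, entry)
        try:
            cls = _read_hex(os.path.join(iface, "bInterfaceClass"))
            proto = _read_hex(os.path.join(iface, "bInterfaceProtocol"))
        except (OSError, ValueError):
            continue  # interface vanished or attribute unreadable
        found = roles.setdefault(entry.split(":")[0], set())
        if cls == MASS_STORAGE:
            found.add("storage")
        elif cls == HID:
            found.add("keyboard" if proto == KEYBOARD_PROTOCOL else "hid")
    return roles


def flag_hid_devices(roles):
    """Return devices able to send input events, with every role they declare."""
    return {dev: sorted(r) for dev, r in roles.items() if r & {"keyboard", "hid"}}


def build_sample_tree():
    """Constructed sample: 1-1 is a plain drive, 1-2 is a 'drive' that is also a keyboard."""
    root = tempfile.mkdtemp()
    sample = {"1-1:1.0": ("08", "50"), "1-2:1.0": ("08", "50"), "1-2:1.1": ("03", "01")}
    for name, (cls, proto) in sample.items():
        os.makedirs(os.path.join(root, name))
        for fname, value in (("bInterfaceClass", cls), ("bInterfaceProtocol", proto)):
            with open(os.path.join(root, name, fname), "w") as fh:
                fh.write(value + "\n")
    return root


if __name__ == "__main__":
    print(flag_hid_devices(classify_usb_devices(build_sample_tree())))
```

On a real machine the legitimate keyboard and mouse are flagged too, so the useful signal is a HID role on something that was handed over as a storage drive, or one that is absent from a baseline of known input devices.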

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.