USB drives are passed around like a wad of gum these days. These devices are inexpensive, small and readily available. Their portability makes them a popular choice for storage and transportation of files. They are widely used by almost anyone who uses a computer and most people assume they are completely safe. However, the basic characteristics of a USB drive also makes it an easy target for attackers. Despite knowing that a lot of these devices carry malware, people tend to tend on occasional reformats or antivirus scans. However, the risk is higher than you might think. It is not just about the malware that a USB device might carry but also the core of how these work in the first place. Is the data stored on USB devices actually private and secure?
Dangers that come with USB Storage
Hackers or attackers often use USB drives for infecting the computer it is plugged into with malware. While some attackers do this physically, others have figured out ways of infecting these drives at the time of production itself. So even if you buy a new USB drive, there are chances that it is already infected with malware. These drives can be used for stealing information that is stored in them or from the computers they are inserted into. Using the malware, attackers can gain access to the computer and download any sensitive data that might be stored on them. Even if you turn off the computer on being alerted, the memory of the computer stays active for a few more minutes and this gap is enough for attackers to reboot the system and copy the memory. A lot of the time, most people don’t even realise that their data has been stolen or computer hacked at all.
Another reason why USB drives are a risk is because their small size also means they get lost or stolen quite easily. If the data on your USB drive is not backed up, it can mean losing hours of work and also a risk of someone else taking advantage of your work. If the data is not encrypted, it means loss of privacy and confidentiality. Anyone who accesses that device can now access all your data on it.
A study conducted by Microsoft in 2011 found that USB drives were the cause behind almost 26% of malware infections that had occurred on Windows systems. Researchers at the SR Labs security consultancy also found some innate problems in the firmware of USB drives. According to them, the firmware in all USB devices can be programmed in a way that they hide attack code. So even if you give your USB drive to an expert to delete malware and clean it, chances are, they haven’t checked the hidden attack code. The usual cleaning process of USB drives does not involve reprogramming or reverse engineering skills that are actually essential for the job. This applies to any kind of USB device and not just thumb drives.
Consequences of using an Infected USB Storage
An infected device can do a lot more damage than you can imagine.
- It can transfer all the private data on your computer to the attacker’s device.
- Malware on USB drives can hijack internet traffic by changing the DNS settings on the computer to siphon traffic to other servers.
- An infected USB drive can impersonate a keyboard and type commands into the computer and do anything to it.
- It can secretly spy on all communications that occur on the computer and relay them to the attacker.
- It can allow the attacker to control the infected computer completely and prevent access to the actual owner.
Few steps you can take to Secure your USB Storage
Considering all the major privacy threats on USB devices, users should use them with major caution.
- One of the first things to ensure is to buy such products only from trusted sources.
- It is also important to use the device for interactions between trusted sources. The same way you wouldn’t let random people have access to your passport, choose the people you share your USB drives with carefully as well. A simple way to avoid malware is not to insert the drive into any computer you don’t trust or own. Malware can travel from the computer into your USB drive the same way it can go from a USB drive into your computer.
- Use the security features. Use encryption and passwords on your USB drives to keep your data safe. Also make sure to keep the data backed up in case you lose the drive.
- Disable Autorun. The Autorun feature on your computer allows any USB drive you insert to start working automatically as soon as you insert it. This allows malicious code to infect the computer within seconds. By disabling Autorun, you can prevent such infected drives from working automatically.
- Use security software. Use antivirus software, firewall and anti-spyware software on your computer. This will make it less vulnerable to attacks from USB drives and more. Make sure the software is always up to date.
These are some basic ways of safeguarding your private data that might be stored in the USB drive or the computer that you insert it into. However, remember that even with these safeguards, your data on USB Storages are not fully safe.