Search

Hacking via USB keys: risks and protection

USB sticks are used by hackers to steal or destroy data.

"Abandoned" USB drives... those poisoned gifts

The study is five years old, but it's still good enough to be in the news today. In 2016, researchers from the University of Illinois, Michigan, and Google spread 297 flash drives across their university's campus. According to Numerama, "98 percent of the flash drives abandoned on campus were picked up by passersby, and at least 45 percent of them were opened to inspect the contents."

Only 13% of the individuals who agreed to answer the researchers' questions said they "took special precautions before opening the key. 68% admitted that they opened it without being suspicious of what might be on it."

While the Illinois researchers' experiment was safe for users, inserting "found" USB drives can have serious consequences. Note that USB flash drives are not the only hardware at risk: human interface devices or "HID" such as keyboards, mice, smartphone chargers, or any other connected object can be tampered with by malicious people. And the consequences are severe: data theft or destruction, sabotage, ransom demands, etc.

What is a malicious USB drive?

USB drives are used by 90% of employees[1] in companies, making them a prime target for cybercriminals.

The latter use so-called "malicious" USB keys, i.e. they contain a predefined attack plan that allows them to steal a user's data, access his keyboard, his screen (which allows him to see everything he does, for example), or encrypt his data in exchange for a ransom demand.

The most famous rogue USB drives are the "Rubber Ducky" or "lost" drives.

Rubber Ducky, the "lost" USB key

The "lost" USB flash drive, also known as the "Rubber Ducky" flash drive, works as soon as it is inserted into the computer. If it appears to be undetected by the device or just out of order, it is just a false impression.

The infected USB stick has indeed done its job and it is already too late. The hacker has already been able to take control of the computer remotely and retrieve sensitive information such as passwords or bank details for example.

Fortunately, solutions exist to protect against this type of attack.

Cyber attacks via USB keys: some measures to protect yourself

 

Here are some simple things to remember:

  • When a company has a decontamination station, the USB media found must be deposited there to be checked. The purpose of this device is to analyze the USB stick and decontaminate it to protect the company's information system from possible viruses.
  • Once decontaminated, it is advisable to equip yourself with a solution allowing you to encrypt the USB key. The encryption system allows securing all the files and personal information by making them impossible to read by anyone who would steal them.
  • Unfortunately, malicious USB sticks are not recognizable. Whether they are given away at a conference or found in a public area, it is important to be wary of them because every new USB stick is potentially dangerous. Without a decontamination station, it is best not to insert the newly found stick and choose a secure way (or call the company's IT department) to transfer data from one device to another.

Training your employees and making them aware of the possible risks can also pay off. USB key attacks are indeed very common and affect all sectors.

[1]Source: Les Echos, The essentials of cybersecurity in companies

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.